More experiences with GoDaddy, free speech, and domain deletion

Previous Politech message:
http://www.politechbot.com/2007/01/26/godaddy-pull-plug/

-------- Original Message --------
Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security 
domain name without warning [fs]
Date: Fri, 26 Jan 2007 07:10:30 -0800
From: Marc Perkel <marc@perkel.com>
To: Declan McCullagh <declan@well.com>
References: <45B9C4BE.9060301@well.com>

Declan,

Last your GoDaddy yanked the domain for the data center where my
computers are hosted. (nectartech.com) They managed to take thousands of
domains offline as a result. I helped get them back online by recording
two phone calls to their tech support department.

http://marc.perkel.com/archives/000861.html
http://marc.perkel.com/audio/godaddy.mp3
http://marc.perkel.com/audio/godaddy2.mp3


-------- Original Message --------
Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security 
domain name without warning [fs]
Date: Fri, 26 Jan 2007 09:00:28 -0600
From: Buzz <buzz@buzzmo.com>
Reply-To: Buzz <buzz@buzzmo.com>
To: Declan McCullagh <declan@well.com>

Declan,

This may not be on the same scale, but I recently had a personal website 
shut down by GoDaddy. The site is for a humorous rock band some friends 
and I have been in for many years now (http://www.bhtch.com); it gets 
very little traffic.

One day the site just disappeared. The site was hosted via SiteFlip, 
which is a reseller of SSLcatacombnetowrks.com. Getting into contact 
with SiteFlip was next to impossible, as they are one of those 
fly-by-night, email-contact-only web hosts run out of some guy's garage. 
The response I eventually got gave me no indication as to why the 
hosting was shut down, and it took massive effort by multiple members of 
our band to get them to let us get our data off their servers 
(essentially, they kept canceling our tech support accounts). As far as 
I was able to discern, they were told to shut us down by our registrar, 
i.e. GoDaddy. Mind you, we were never given any sort of refund of 
hosting fees.

As far as I could tell, our site was never in violation of SiteFlip's 
TOS. Our domain does get spoofed a lot by spammers, as you can imagine, 
but I would have thought the Powers That Be at our host and registrar 
would possess basic postmaster skills like reading email headers. I used 
to work for an ISP as acting postmaster, and I can tell you it's not 
rocket science.

Regardless, I've since transferred all domains away from GoDaddy, and I 
will never use them, SiteFlip, or any SSLCatacomb-related services ever 
again. I'm now with eNom, the registrar for ICDSoft, which is one of the 
best hosting companies I've ever dealt with. I've had other sites hosted 
with them for years with no problems, and their tech support is amazing.

Cheers,
Buzz



-------- Original Message --------
Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security 
domain name without warning [fs]
Date: Fri, 26 Jan 2007 15:26:58 +0530
From: Suresh Ramasubramanian <suresh@hserus.net>
Organization: -ENOENT
To: Declan McCullagh <declan@well.com>
References: <45B9C4BE.9060301@well.com>

Hey Declan

Curious what you get when you add two and two together (and this case
could very well be me getting an answer "twenty two", but still..).

Myspace is suing Scott Richter for illegally accessing thousands of
myspace accounts and posting spam bulletins to the friends list of those
accounts ..

And now there's this big list of myspace accounts floating around
online. This stuff is quite possibly phished from myspace users, usually
naive kids who routinely post the kind of personal information online
that's an ID thief's dream come true,  There's a huge amount of phishing
spam targeted at myspace, so it need not necessarily be shoddy security
on myspace's part.

Coincidence? Or not?




-------- Original Message --------
Subject: RE: [Politech] MySpace, GoDaddy pull plug on computer security 
domain name without warning [fs]
Date: Fri, 26 Jan 2007 10:32:41 -0500
From: Richard M. Smith <rms@computerbytesman.com>
To: 'Declan McCullagh' <declan@well.com>

As an aside, using the DNS system to censor Web sites is sometimes
necessary.  Back in 2004, a number of folks and myself investigated a piece
of malware that turned people's home computers into Web proxy servers in
order to host porn and phishing Web sites.  Every 10 minutes, DNS records
would get updated to move a Web site from one home computer to another.  The
goal was to make it hard to shut down the Web sites.  I tried to get the
domain registration company to turn off the domain names being used by the
scammers, but had no luck.  The system was finally shut down when analysis
of the malware showed that a master host system at Everyone's Internet was
running the whole show.  Turning off the master killed the network of scam
Web sites.  Had the scammers moved the master system around to other
hijacked home computers, the DNS system might have been the only way to turn
off the scam network.

Richard




-------- Original Message --------
Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security 
domain name without warning [fs]
Date: Fri, 26 Jan 2007 11:41:50 -0500
From: Paul Levy <plevy@citizen.org>
To: <declan@well.com>

We have had our own go-around with Christine Jones, after Domains by 
Proxy (an affiliate of GoDaddy) gave us very little time to get into 
court to oppose a subpoena to identify a Doe.  It was like pulling teeth 
to get even a couple of days extension, and even though the time they 
were willing to delay compliance with a subpoena is much less that the 
real biggies like Yahoo! and Google insist on as a matter of course, she 
used similar  words, "very generous," to describe her response to our 
requests.  Of course, when a case is pending far from where you are 
(this one was in Arizona), the lawyer who wants to help needs time not 
only to review the case and prepare papers, but to find local counsel. 
We were able to get to court in time, thank goodness, and the court 
quashed the subpoena.  http://www.citizen.org/hot_issues/issue.cfm?ID=1526

We attacked Ms. Jones her publicly for her company's grudging response 
to a customer's appeal for time to protect his anonymity, and although 
she responded by saying how hurt she was, we have actually found that 
she has been much more responsive WRT anonymity issues more recently, at 
least to us.   We certainly commend her for this improvement, and her 
responsiveness has been useful to us as regular litigators representing 
clients trying to preserve their anonymity.   Whether relying on 
personal relationships to decide when to be responsive to customers 
seeking to preserve their anonymity is a good idea for a company that 
wants to build its business by offering a "protect your anonymity" 
product is another question.

The same reasoning would apply to her "good corporate citizenship" 
response to criticism over her willingness to pull a web site without 
notice or opportunity to respond and persuade.  We can only hope that 
GoDaddy will learn from this experience and build a more reasonable 
policy for future cases.

Your comment on the relevance of the DMCA also brings to mind the 
question about whether we should be thinking about reforming the DMCA 
takedown provisions both to ensure better protection for the "accused" 
end user who is victimized by this sort of demand, and at the same time 
extend the DMCA approach -- absolving the host of liability in return 
for entering into the takedown minuet -- to areas other than copyright.

In some ways, one might shudder at the extension of a procedure that 
isn't working well for the end user, but on the other hand the big ISP's 
have, as a practical matter, extended the model to other legal claims 
through programs like eBay's VeRO.  Given the current language of the 
DMCA (and the Communications Decency Act, which protects ISP's against 
liability based on hosting but exempts "intellectual property" claims), 
if a company claims a trademark violation, of a violation of other 
rights at the edges of intellectual property such as the right of 
publicity or trade secrets, the ISP has no protection against liability 
even if it gives notice, receives a put-back response, and then refrains 
from removal.  Knowing the limits of the DMCA protection, companies 
routinely and rather cynically throw claims other than copyright into 
their takedown notices.

There are a couple of ways in which the DMCA take-down process might be 
improved.  Currently the ISP takes down content immediately upon 
receiving a Notice of Claimed Infringement (NOCI), then sends notice to 
the end user.  If the end user files a counternotice, the ISP puts the 
material back online fourteen days later unless the content-owner files 
suit during that period.  This system gives the content owner a free 
14-day temporary injunction.  A better way would be to notify the user 
as soon as the NOCI is received, and give a reasonable amount of time 
(10 days) to file a counternotice.  If the counternotice is filed within 
the time period, the material will never have been taken down and the 
ISP will still enjoy the benefit of safe harbor.  The content owner 
would then have to seek an injunction to take the material offline.

Moreover, one might, for example, provide that once an alleged victim 
claiming wrongdoing initiates the takedown minuet and the user responds 
to the takedown notice, not only the complainant but the ISP also is 
committed to the process, and the ISP is BARRED from removing the 
material unless the claimant actually does go to court.  At that point, 
the ISP should act as a stakeholder, leave the resulting action 
dependent on what happens in the litigation.


Paul Alan Levy
Public Citizen Litigation Group
1600 - 20th Street, N.W.
Washington, D.C. 20009
(202) 588-1000
http://www.citizen.org/litigation
Posted by Declan McCullagh on Jan 26, 2007 in category free-speech