domain seizures – Techdirt (original) (raw)

DOJ Seizes Domains, Claiming They Pushed Iranian Disinformation; Should Raise 1st Amendment Concerns

from the train-has-left-the-station dept

For about a decade now we’ve been questioning why the government is allowed to seize domains over claims of illegal behavior happening on a website. It seems to us that seizing a website is the equivalent of seizing a printing press or books — both of which would be deemed clear 1st Amendment violations. Unfortunately, even when those seizures have proven to be for made up reasons, no one has been able to challenge the underlying ability of the government to seize domains. And now it seems to happen all the time. And even if you believe the websites in question are doing something bad, seizing the websites is problematic.

The latest such case is the Justice Department announcing that it had seized a bunch of domains pushing disinformation on behalf of Iran’s Islamic Revolutionary Guard Corps.

The United States has seized 92 domain names that were unlawfully used by Iran?s Islamic Revolutionary Guard Corps (IRGC) to engage in a global disinformation campaign, announced the Department of Justice.

According to the seizure documents, four of the domains purported to be genuine news outlets but were actually controlled by the IRGC and targeted the United States for the spread of Iranian propaganda to influence United States domestic and foreign policy in violation of the Foreign Agents Registration Act (FARA), and the remainder spread Iranian propaganda to other parts of the world. In addition, the seizure documents describe how all 92 domains were being used in violation of U.S. sanctions targeting both the Government of Iran and the IRGC.

According to reporter Kevin Collier, who used the Wayback Machine to check out some of these sites, they seemed like mostly junk with little US social media presence.

There's a lot to go through, but my immediate read on the DOJ seizure of a bunch of sites that are allegedly part of IRGC disinformation campaigns is that they kinda suck. Not compelling news (I'm looking at samples on @internetarchive) & their US social media presence was low. pic.twitter.com/t2K6jknqqq

— Kevin Collier (@kevincollier) October 7, 2020

Even so, and even if we’re concerned about foreign disinformation campaigns targeting the US, it still makes me nervous when the US government feels that it can just go in and seize entire domains. It strikes me as the thing that can create blowback as well. The US has certainly been involved in foreign propaganda as well — and would we want foreign governments seizing the assets of, say, Voice of America?

Filed Under: disinformation, doj, domain seizures, iran, irgc

from the the-case-is-over dept

Earlier this year, we sued ICE over its failure to provide relevant documents in response to a FOIA request we had made late last year. Late last week that lawsuit came to an end, after we agreed to dismiss it after ICE finally handed over the documents we had requested, which should have supplied last year. What we have now learned is that ICE didn’t even bother to look in the proper place for the documents, and (not surprisingly) that once they handed over the documents, they reveal that ICE’s legally-confused, bragging press release about all the domains it had seized… was not even remotely accurate. Perhaps that’s why ICE didn’t want to share the details with us or anyone else.

First, a bit of history. For years we’ve been calling out ICE for the very questionable practice of seizing websites for large companies in response to claims of possible copyright infringement. Indeed, First Amendment case law makes it pretty clear that law enforcement can’t shut down an entire bookstore or an entire publication just because there is some possibly illegal content within that publication or store. Yet, ICE seemed over-eager to seize lots of websites and grandstand about it. In following up on those cases, we’ve shown that ICE made serious mistakes, often relying on claims from industry partners, such as the RIAA, without any actual evidence. This resulted in things like ICE quietly returning a hip hop blog it had seized and held for over a year (including engaging in secret proceedings before a judge that even the site’s lawyer was blocked from learning about), admitting that it had no evidence for the seizure. In another case, it returned another hip hop blog five years after seizing it, without ever presenting any evidence for why it seized the site.

So we were confused and amazed last fall when ICE put out a ridiculous press release again hyping up its efforts to seize websites, claiming that over 1 million domains had been seized. The press release was written in a confusing and legally nonsensical manner, frequently confusing the difference between copyright and trademarks — which is pretty shocking for a supposed law enforcement agency. For example, it talks about seizing “a copyright-infringing website offering counterfeit integrated sensors.” Counterfeiting is a trademark issue, not a copyright one.

Because of this, we filed a FOIA request, seeking the list of the “over a million websites” the press release claimed were seized under Operation In Our Sites, and also requested the communications with the various “high-profile industry representatives” that the press release stated helped ICE with these seizures. ICE responded (late) that it couldn’t find any such records, despite multiple requests and an appeal, leading us to sue. As we noted during our appeal, it “strains credulity to believe, and it is impossible to accept, that ICE doesn’t have a single record related to the names of domains it had just seized.”

After many months, ICE has finally explained why it failed to find any records, and provided what records it does have (with some mostly silly redactions). Let’s start with the reason why it couldn’t find any records. According the declaration of Toni Fuentes, in the ICE FOIA office, they didn’t bother to look in the part of ICE that ran the program and issued the press release. ICE is broken up into various “offices” including “the IPR Center” which focuses on intellectual property issues. However, the ICE FOIA office decided that other parts of ICE were the places to look.

Upon receipt of a proper FOIA request, the ICE FOIA Office will identify which program offices, based on their experience and knowledge of ICE?s program offices, within ICE are reasonably likely to possess records responsive to that request, if any, and initiates searches within those program offices. Once the ICE FOIA Office determines the appropriate program offices for a given request, it provides the POCs within each of those program offices with a copy of the FOIA request and instructs them to conduct a search for responsive records. The POCs then review the FOIA request, along with any case-specific instructions that may have been provided, and based on their experience and knowledge of their program office practices and activities, forward the request and instructions to the individual employee(s) or component office(s) within the program office that they believe are reasonably likely to have responsive records, if any….

[….]

The ICE FOIA Office determined that because of the subject matter of Plaintiffs? FOIA Request, HSI and OPA were the offices likely to have responsive records. The ICE FOIA Office instructed HSI and OPA to conduct a comprehensive search for records and to provide all records located during that search to the ICE FOIA Office for review and processing.

Notice that the IPR Center is not one of the offices searched, even though it was the office that issued the press release in question and is directly named in the press release. OPA makes at least a bit of sense, because it handles ICE’s interactions with the media, so would likely have helped in reviewing the press release — but would be unlikely to have the records we were requesting. HSI handles “investigations” for the Department of Homeland Security, and was mentioned in the press release as helping to take down a single website. After the FOIA office handed off the task to HSI, apparently a few special agents did somewhat random and haphazard searches of their own emails and turned up nothing.

Within C3, one Special Agent conducted a search of his computer and Outlook using the term ?IPR? and ?ICE IPR Center? based upon the press release provided by the Plaintiffs and his subject matter expertise. No records responsive to the request were located. One Special Agent conducted a search of his computer and Outlook using the terms ?seized? and ?website? based upon the press release provided by the Plaintiffs and his subject matter expertise. No records responsive to the request were located. One Special Agent conducted a search of Outlook using ?Operation In Our Sites? based upon the press release provided by the Plaintiffs and his subject matter expertise. No records responsive to the request were located.

And here’s the key part. That last agent suggested that maybe ICE should be asking the IPR Center to respond… but no one did anything about it:

However, this Special Agent did note on the returned search form that he believed the IPR Center may have responsive records. However, the IPR Center was not tasked to conduct a search at this administrative level and on February 19, 2019, the ICE FOIA Office notified the Plaintiffs that no responsive records were located.

Eventually, much, much later, someone finally gave the FOIA request to the “program manager” for Operation In Our Sites within the IPR Center, and that person found 75 pages, which were only given to us months after we sued (amusingly, the Fuentes declaration has some fun with the timelines, in suggesting that the IPR Center was told to do this search long before we sued, and then stops providing dates, such as the fact that they didn’t give us these documents until months after we sued. The 75 pages, combined with the Fuentes declaration above, reveal that the ICE press release was a total joke and a complete exaggeration. First off, most of what happened had nothing at all to do with ICE. At best it was taking credit for seizures done by Europol, Interpol and various police agencies, as well as common every day takedown notice sent by various companies, which it appears ICE included in its numbers.

ICE further provided that of the websites that were criminally seized, the majority of them were seized by Europol, Interpol and police agencies from 26 different countries and that these partners did not share the domain names of those websites with ICE. Further, in regard to the remaining domain names, other industry partners were involved in the seizure of those websites and did not provide the domain names of those websites to the IPR Center. Lastly, ICE was not involved with and does not have any records relating to, any court filings relating to the seizure, civilly or criminally, of domain names.

Indeed, despite the press release clearly indicating that ICE was the one filing court cases — including criminal cases — to seize these domains, ICE admitted directly to us “ICE wasn’t involved in the filing of any court documents.”

So, what was included in those 75 pages? What appears to be nothing more than a PR campaign to allow ICE to puff up fake seizures of websites in advance of the press release it wanted to put out in association with Cyber Monday last year. The Program Manager of Operation In Our Sites apparently just emailed a bunch of big name retailers asking for stats:

Good afternoon,

I am sending this email as a reminder that Operation Cyber Monday 2018 will be concluding in a little over a month. I am hoping you can send me your statistic on the number of infringing websites and E-Commerce links that your company has civilly seized/taken down by COB November 16, 2018.

Lumping together “civilly seized/taken down” does a lot of heavy lifting in making this effort seem like a much bigger deal than it is. As the details we’ll show below make pretty clear, by asking for “civilly seized” and “taken down” as a single number, ICE gets to pretend that sites were seized using civil seizure procedures (for which there would be legal paperwork), when they’re mostly just taken down thanks to standard everyday takedown notices.

The various companies then responded, giving a wide range of results — most of which appear to just be them getting various e-commerce sites (it appears to mainly be eBay/Alibabba/Amazon and some other market sites) and social media sites to remove links to what they claim are counterfeit products. Amusingly, in some of the emails, “Operation Cyber Monday” is redacted. In others, where it’s the exact same email, it is not. Just last week, after we raised questions about a bunch of the redactions, ICE gave us a “supplemental” response, in which it changed some of the reasons for some of the redactions and removed all of the redactions on the phrase “Operation Cyber Monday 2018” which never should have been redacted in the first place.

What remains redacted is mainly who the companies are and which people at the companies are engaged in this effort to shut down websites and e-commerce links. Most rely on either (b)(6) or (b)(7)(c) redactions, both of which are for “unwarranted invasion of the personal privacy” while a few (b)(7)(d) redactions remain. Those are especially odd as that’s for disclosing “the identify of a confidential source.” It is difficult to see how these individuals should be considered confidential sources.

Also, for what it’s worth, while the names of the companies that participated in this charade are technically redacted, with a little sleuthing, it is not that difficult to figure out who most of them are. In digging into the details, we’ve identified a variety of clothing/footwear/accessory companies, including Chanel, Abercrombie & Fitch, Victoria’s Secret, Burberry, Under Armour, and Nike. It is unclear why ICE sought to keep those names secret, except that in the Fuentes declaration, it is admitted that these companies only agreed to participate in this propaganda campaign in exchange for anonymity and that they not be named as partners:

Each of the companies whose name and/or address has been withheld under Exemption 7(D) provided information to ICE to assist in a federal criminal law enforcement investigation under an expressed promise that ICE would not reveal to the public that they participated in this Operation. If released, foreseeable harm would result to both the companies that provided the information under the promise of confidentiality and to ICE, who relies upon the information these companies provide during the course of their law enforcement operations.

This seems highly questionable. We wouldn’t go about releasing names of sources that would result in real harm, but it’s difficult to see how revealing that Nike or Victoria’s Secret have worked with ICE to take down Chinese links selling counterfeit merchandise does any harm to the continued efforts to find and take down counterfeit offerings. It seems the only “harm” would be some level of embarrassment to the companies for teaming up with ICE at a time when many consider ICE to be kind of toxic. But embarrassment to a brand over its associations is not a legitimate reason to withhold their names.

Even more to the point, from everything given to us, the claim that this somehow harms ICE’s “law enforcement operations” is equally ridiculous, since ICE admitted that it didn’t do any law enforcement operations here. It just asked everyone to tell them what they had gotten taken down so it could hype its own “participation.”

As for the claim that over a million sites were seized — that number seems to come almost entirely from one participant (the one company whose identity we couldn’t backtrack, unfortunately), which claimed that it, alone, had been able to get 1,168,543 “unique host site URLs” offline. This company seemed particularly active in taking down sites, but no further details are given:

Indeed, this number is so out of sync with all of the other numbers, that it makes you wonder if the 1 million number is actually unique URLs or if they actually mean something else, like social media links or something. None of the others come anywhere near this number, and many are are just a few hundred or a few thousand links. Without this one unnamed company, there is no “1 million sites” that ICE can claim for itself (despite not doing anything). Also, it is clear that those sites were “taken down” and not “seized.”

Nearly all of the other ones show very few websites taken offline, with most of the focus being on e-commerce sites listing counterfeits or social media posts showing the same. So, for example, this appears to be Chanel’s list, which had the second most sites taken down at 13,657, though many more market and social media listings:

And here’s Abercrombie & Fitch who “submitted” 726 websites.

What appears to be Victoria’s Secret reported just 8 websites that it got “removed.”

What appears to be Burberry took down just under 600 “infringing websites.”

What we believe is Under Armour provided the most detail in their response in taking down 211 websites, though it sounds as though it was mostly just talking to Shopify, which helped them takedown websites offering counterfeit goods, rather than “seizing” the sites as the whole operation press release suggested:

And, finally, what is likely Nike took down just under 2,000 websites and a small number of Facebook and Instagram links but helpfully highlighted how many estimated “followers” it removed. But also the person from Nike “look[s] forward to continuing to work with you and figuring out ways to expand on our current partnership.”

All in all, it seems like this is mostly these companies finding counterfeit sellers and getting those links taken down, mostly by going to intermediaries and asking for them to be shut down. That seems mostly reasonable, though there is always the risk of false accusations and legitimate sites and sellers being shut down. However, the key here is that ICE’s boastful press release, in which it couldn’t tell the difference between copyright and trademark, appeared to a bunch of nonsense, taking credit for the work that these companies had done in asking for various links to be removed — and hyping it up as if these had been “seized” by the government.

All in all we’re glad that ICE finally provided this information, though it shouldn’t have required a lawsuit to make it happen. It does seem to show, as we expected, that ICE was exaggerating what was happening, and certainly exaggerating and playing up its own role in these “seizures” (most of which appeared to be takedown requests that ICE had nothing to do with). Special thanks to the team at Cause of Action, a non-profit focused on transparency and accountability in government, for representing us in this litigation.

In the meantime, since we’re just weeks away from Cyber Monday 2019, we’re curious to see if ICE makes another one of these announcements. At the very least, we hope this year they figure out the difference between copyright and trademark. Even better would be to just come out and admit that what they’re exaggerating as some sort of legal/judicial process is really just a bunch of companies sending takedown notices that have nothing to do with ICE. Or, best case, maybe ICE gives it a rest this year. Somehow I doubt it will.

Filed Under: copyright, counterfeits, dhs, domain seizures, foia, ice, ipr center, trademark
Companies: abercrombie & fitch, burberry, chanel, nike, under armour, victoria's secret

Techdirt Sues ICE After It Insists It Has No Records Of The 1 Million Domains It Claims To Have Seized

from the transparency-in-censorship dept

Earlier today, we sued ICE for its failure to provide relevant documents in response to a FOIA request.

There’s a pretty long backstory here, so let’s go back about a decade. In the summer of 2010, we found it somewhat disturbing that ICE had “seized” a bunch of websites and was announcing this from Disney’s headquarters. It raised all sorts of questions, starting with the big First Amendment questions. There are a whole bunch of cases making it clear that prior restraint is not allowed under the First Amendment. In Fort Wayne Books v. Indiana, the Supreme Court made it quite clear that you couldn’t “seize” an entire bookstore in response to one possibly illegal (in that case, obscene) book:

The pretrial seizure of petitioner’s bookstore and its contents… was improper. While a single copy of a book or film may be seized and retained for evidentiary purposes based on a finding of probable cause, books or films may not be taken out of circulation completely until there has been a determination of obscenity after an adversary hearing. The risk of prior restraint, which is the underlying basis for the special Fourth Amendment protection accorded searches for and seizures of First Amendment materials, renders invalid the pretrial seizure here. Even assuming that petitioner’s bookstore and its contents are forfeitable when it is proved that they were used in, or derived from, a pattern of violations of the state obscenity laws, the seizure was unconstitutional.

It seemed quite clear to me that seizing an entire website, based merely on accusations of copyright infringement, presented the same problem.

And here, the situation was even worse. Because it wasn’t being done based on a real investigation by the government, but entirely on the say so of industry — and, in particular, an industry that has a long history of over exaggerating and misrepresenting the “threats” of the internet. As we noted at the time, if the FTC/DOJ announced plans to bring antitrust charges against Google, and did so from Microsoft’s headquarters… people would freak out. And yet, announcing website seizures from Disney’s headquarters was no problem?

ICE continued seizing websites under this program, which it called “Operation In Our Sites.” Later in 2010 we found a bunch of seizures especially problematic, because among the seizures were two blogs, an open discussion forum and a search engine. Seizing a blog was clearly prior restraint. Indeed, over a year later, ICE quietly handed back one of the blogs, and later admitted that it didn’t have any evidence at all that the site was engaged in copyright infringement. Later documents (only unsealed due to a court challenge by EFF) revealed that ICE had seized that blog, Dajaz1, based entirely on false claims by an RIAA exec, and took over a year to hand back the domain (including getting the court to grant “secret” extensions that it wouldn’t even tell Dajaz’s lawyer about) because it kept waiting for the RIAA to provide the evidence it insisted it had… but never seemed to be able to give to ICE.

And that was not even the worst of these situations. In 2012, nearly two years after seizing it, ICE returned a forum website after that site sued the government. The US government quickly dropped the case and handed back the domain, more or less admitting it had no evidence.

Oh, and then after sitting on the website of another blog for five years, ICE quietly returned the blog OnSmash without ever filing any charges.

Think about that. Lots of people are up in arms about ICE these days for very good reasons. But the fact that these thugs have been literally seizing and pulling down entire websites — a clear First Amendment violation — based entirely on the say-so of a few biased corporate execs should be a major scandal.

That takes us to late last year, when I saw that ICE had put out a truly astounding press release. Apparently, Operation In Our Sites has continued unabated for all these years, and ICE was happily crowing about having now seized over a million domains. Given the problems we had found with some of their earlier seizures (and the fact that they had to return a bunch of them), not to mention the concerns about censoring websites on the say so of corporate execs, we found it even more bizarre that the press release proudly stated that the seizure efforts were done with “high-profile industry representatives.” It was also truly bizarre that the press release from a government agency tasked with enforcement of certain copyright and trademark laws repeatedly seemed to confuse trademarks with copyrights.

Still, given that ICE had announced the seizure of over 1 million domains in partnership with “high profile industry representatives,” we figured at the very least the public should be able to find which sites had been seized and with which industry execs. So back in December I sent a FOIA request. ICE — incredibly — came back and claimed it had “no responsive records.” We appealed. In April, ICE agreed with our appeal and sent the FOIA back for a new search. We heard absolutely nothing from ICE after that. So early this morning, with the help of the non-profit Cause of Action, we sued ICE to get them to obey the law and respond to our FOIA request.

If it strikes you as somewhat unbelievable that ICE might seize over a million domain names in coordination with “high profile industry representatives” and then have no records of what those domains are, or any communications with those “high profile” industry execs, welcome to the club. We hope that ICE does the right thing, obeys the law, and provides the documents we have requested.

Filed Under: domain seizures, foia, ice, operation in our sites, records, transparency

ICE Seizes Over 1 Million Websites With No Due Process; Apparently Unaware That Copyright & Trademark Are Different

from the this-does-not-bode-well dept

Over the years, we’ve written an awful lot about asset forfeiture and how it is basically the government stealing shit they want with almost no due process. But the reason we started writing about asset forfeiture was when ICE used that process to seize a bunch of websites based entirely on the claims of the RIAA and MPAA that those websites were distributing copyright-infringing material. It turned out those claims were totally bullshit, leading to ICE eventually agreeing to return a blog over a year after it had been seized, and two others after holding them for over five years.

I’m still perplexed that this story was almost entirely ignored by the media. This was outright censorship by the US government — the equivalent of seizing a printing press from a publication and holding it based on nothing other than some private party’s complaints about the content of their publication. Incredibly, an ICE official, soon after the initial seizures, made the following bold claim:

“People told us that we will fail if we seize these domain names, and that we’ll look foolish,” said Erik Barnett, assistant deputy director of the US government’s Immigration and Customs Enforcement (ICE) team, which began conducting Operation In Our Sites last year.

He also stated that none of the seized sites had challenged the seizure, which was literally false. Barnett, in case you’re wondering, has moved on to the private sector and is apparently now the Regional Head of Europe for Financial Crime Threat Mitigation for HSBC, a company that was described in a recent article this way:

DRUG cartels, mafia, celebrities and the European aristocracy: when it comes to laundering ?dirty money? world giant HSBC is king and proof it may actually be impossible to regulate banks.

[….]

The French-TV made ?Banksters? claims HSBC was the go-to bank for ?a raft of illegal activities, from money laundering for the mafia, to enabling tax evasion and currency manipulation?.

Right.

ICE’s boss at the time of these seizures, John Morton, also made some flabbergasting comments:

We don’t have any interest in going after bloggers or discussion boards,” he said. “We’re not about what is being said by anybody. We’re about making sure that the intellectual property laws of the United States, which are clear, are enforced. When somebody spends hundreds of millions of dollars to develop the next movie or a billion dollars to develop the next heart medicine, the innovation and the enterprise that went into that effort is protected as the law provides. It’s that simple.”

Except it wasn’t that simple, as proven by the fact that ICE eventually returned all of those sites. Without getting any sort of apology from Morton. Or any acknowledgement that the 1st Amendment actually bars you from seizing a website. Oh, and if you’re wondering, Morton is now the Chief Compliance Officer at Capital One, a company that paid out a $200 million fine for deceptive marketing, and also is viewed as the “least favorite” credit card company… perhaps because it sues more of its customers than any other credit card company.

So, anyway, back to ICE and seizing websites. Even after its total flop in seizing blogs for false accusations of copyright infringement, ICE has gone right on seizing websites, though most of them appear to be focused on seizing sites selling counterfeit goods, rather than blogs and forums discussing music.

Still, it seems notable that in late November, ICE proudly announced that it had seized over a million websites, though frankly, the press release raises a hell of a lot more questions than it answers. First off, it appears that ICE has no clue that copyright and trademark are entirely different things.

More than 1 million copyright-infringing website domain names selling counterfeit automotive parts, electrical components, personal care items and other fake goods were criminally and civilly seized in the past year through the combined efforts of law-enforcement agencies across the world, high-profile industry representatives and anti-counterfeiting associations.

“Copyright infringing website domain names” already is a weird description (were the URLs themselves infringing?) but it’s made even weirder by saying that these sites were seized because they were selling counterfeits. Counterfeiting is a trademark issue, not a copyright one. Those laws are entirely different. Shouldn’t a government agency in charge of enforcing these things… uh… know the difference?

The ongoing intellectual property enforcement initiative targeting fake websites, dubbed Operation In Our Sites, was facilitated by the National Intellectual Property Rights Coordination Center (IPR Center), a joint-task force agency led by U.S. Immigration and Customs Enforcement. The IPR Center, which stands at the forefront of the U.S. government?s response to IP theft, worked directly with key international law-enforcement authorities and industry organizations representing the electronics sector, luxury brand-name designers, film and entertainment and several entities specializing in apparel and accessories through the major enforcement effort.

Operation In Our Sites is the same one that was named when ICE seized all those sites I mentioned earlier — in which blogs and discussion forums were seized, with no evidence to back them up, and held by the US government for between one and five years, before finally being handed back to the original owners because no one could ever prove those sites actually broke the law. Seems kinda weird to now tout that same operation as a roaring success.

And, need we remind you that, under the “Operation in Our Sites” banner, ICE once accidentally seized 84,000 sites, denied it for nearly a week and then finally admitted they fucked up? This is the same Operation they’re now promoting for seizing one million sites? It’s not clear if they include those 84,000 that were done “accidentally” in that total.

Roughly 33,600 website domain names were criminally seized in a collaborative effort between ICE?s Homeland Security Investigations (HSI), Europol, Interpol and police agencies from 26 different countries. Industry partners participating in the operation were fully responsible for civilly seizing 1.21 million domain names and shutting down 2.2 million erroneous ecommerce links featured on social media platforms and third-party marketplaces.

Hmm. “Industry partners” were “fully responsible for civilly seizing” these domain names. Does that mean the US government “seized” them… or that the “industry partners” got the domains. Because if it were the latter… that seems extraordinarily questionable. I know that, in some of those earlier seizures, we found it odd and distasteful that ICE announced the seizures of sites from a Hollywood studio, but it’s another thing altogether if the federal government is literally taking domains and handing them to private companies without even a whiff of due process. Even if this just means that the “industry partners” gave ICE a big list, then we’re still left with a fairly long list of due process questions. Did ICE really check all 1.21 million domains before having them seized? Considering that they fucked up so badly a few years ago at a time when they merely seized five domains, forgive me for questioning the amount of review that went into 1.21 million.

Investigations led by HSI resulted in the removal of copyright-infringing websites that sold counterfeit airbags and integrated sensors, both commodities that present a potential safety hazard. An investigation based in Louisiana led to the seizure of five website domain names ? including Chinaseatbelt.com; Airbagpart.com; Chinasafetybelt.com; Fareurope.com; and Far-europe.com ? involved in the sale of fake automotive parts. A joint case between HSI and Department of Defense investigative agencies resulted in the removal of PRBlogics.com, a copyright-infringing website offering counterfeit integrated sensors.

Once again, ICE makes it clear that they haven’t the slightest clue that copyrights and trademarks are not just separate laws, but that they originate from two totally different parts of the Constitution. None of what’s being described as “copyright-infringing” appears to be copyright related. Look, I get it that some people — often reporters! — mix up copyrights and trademarks (and patents!), but this is a law enforcement agency of the US government, who actually (for reasons that make no sense at all) has a major role in enforcing intellectual property laws. You’d think that at least they could get this kinda stuff correct.

Oh, and I should be clear: this isn’t just ICE in general. This is a special division of ICE specific to “Intellectual Property.”

?The IPR Center is committed to supporting enforcement actions that target copyright-infringing websites threatening the health and safety of unsuspecting consumers by offering dangerous counterfeit goods,? said IPR Center Director Alex Khu. ?Collaborative efforts with external law enforcement agencies and industry have led to a crackdown on intellectual property theft that negatively impacts economies and funds organizations involved in other criminal activities.?

The “IPR Center” doesn’t know the difference between trademarks and copyrights?!? Shouldn’t… uh… that be seen as a problem?

Each year, the market is flooded with counterfeit products being sold at stores, on street corners and online. Additionally, criminals have taken advantage of the internet to deceive, sell and ship fake products directly to American consumers. The most popular counterfeit products seized each year include watches, jewelry, handbags, wallets, wearing apparel/accessories, consumer electronics/parts, pharmaceuticals and personal care products.

As we’ve discussed for years, multiple studies have shown that people buying counterfeit watches, jewelry, handbags, wallets and clothing tend not to be “tricked” into buying these things. Most buy them because it’s all they can afford. The studies have shown that many of these purchases are aspirational, in that these people want to buy the real thing, but can’t afford it yet. Studies have also shown that the same people who buy these knockoffs frequently will later buy the real thing when they can afford it. In short, these counterfeit purchases rarely result in any harm. The consumer has not been deceived. The trademark holder has not lost any money (and, indeed, may make money in the long run). This just seems to be ICE shutting down websites because it can.

Anyway, this press release is so bizarre, and so devoid of actual information, I’ve fired off a FOIA request asking for the details of these “seized” domains and the communications with those industry partners. Should ICE ever decide to obey the law and respond to the FOIA, we’ll share it here. I wouldn’t recommend holding your breath.

Filed Under: asset forfeiture, copyright, counterfeits, dhs, domain seizures, domains, ice, trademark

How The RIAA Helped Pave The Way For Spain To Undermine Democracy

from the seizing-domains dept

This might seem like a harsh title, but let’s go back a bit into history. In 2010, at the direct urging of the RIAA, the US government, in the form of ICE, suddenly decided that it could seize domains right out from under websites with zero due process. Specifically, the RIAA gave ICE a list of websites that it insisted were engaging in piracy. It later turned out that this list was completely bogus — and the seized domains included some music blogs and a search engine — and when ICE asked the RIAA to provide the evidence (incredibly, many months after seizing the domains…), it turns out that they had none. Even with all of this, ICE kept one blog’s domain for over a year, while denying that site’s lawyer even the chance to talk to the judge overseeing the case — and (even more incredibly) kept two other sites for five whole years.

The RIAA, who was directly quoted in the affidavit used to seize these domains (including falsely claiming that a non-RIAA song, that was personally given to the site by the independent artist in question, was an RIAA song and infringing) later tried to downplay its role in all of this, while still insisting that seizing entire domains based on flimsy claims and zero evidence was a perfectly reasonable strategy.

Fast forward to the present. Over in Spain there’s a big political fight over Catalonia independence, with an upcoming referendum that the Spanish government has declared illegal. Things got very messy with Spanish law enforcement raiding government buildings, offices and homes. There are all sorts of human rights issues being raised here, let alone questions of democracy. However, those aren’t directly the kinds of things we cover here. What did catch our attention, however, is that one of the raids was on the operators of the .cat domain, puntCAT, in order to seize the websites promoting the upcoming referendum and to arrest the company’s head of IT for sedition (yes, sedition).

As EFF’s Jeremy Malcolm explains, this should raise all sorts of alarms and concerns:

We have deep concerns about the use of the domain name system to censor content in general, even when such seizures are authorized by a court, as happened here. And there are two particular factors that compound those concerns in this case. First, the content in question here is essentially political speech, which the European Court of Human Rights has ruled as deserving of a higher level of protection than some other forms of speech. Even though the speech concerns a referendum that has been ruled illegal, the speech does not in itself pose any imminent threat to life or limb.

The second factor that especially concerns us here is that the seizure took place with only 10 days remaining until the scheduled referendum, making it unlikely that the legality of the domains’ seizures could be judicially reviewed before the referendum is scheduled to take place. The fact that such mechanisms of legal review would not be timely accessible to the Catalan independence movement, and that the censorship of speech would therefore be de facto unreviewable, should have been another reason for the Spanish authorities to exercise restraint in this case.

Whether it’s allegations of sedition or any other form of unlawful or controversial speech, domain name intermediaries should not be held responsible for the content of websites that utilize their domains. If such content is unlawful, a court order directed to the publisher or host of that content is the appropriate way for authorities to deal with that illegality, rather than the blanket removal of entire domains from the Internet. The seizure of .cat domains is a worrying signal that the Spanish government places its own interests in quelling the Catalonian independence movement above the human rights of its citizens to access a free and open Internet, and we join ordinary Catalonians in condemning it.

I agree entirely with Malcolm’s assessment, but should note that the US government (even if it wanted to, which it probably does not…) has no moral high ground here, seeing as it’s been seizing domains for the better part of a decade, with some of those earliest seizures coming on behalf of the RIAA (over trumped up charges). As Malcolm says, this doesn’t mean that all illegal content must remain online, but seizing domains is a brute force intimidation and censorship tool for governments. The RIAA should be ashamed that it helped “pioneer” this sort of government censorship.

Filed Under: cat, catalonia, censorship, domain seizures, domains, referendum, seizures, spain
Companies: riaa

5,000 Domains Seized Based On Sealed Court Filing; Confused Domain Owners Have No Idea Why

from the that-seems-problematic dept

In the past, we’d been fairly worried about governments seizing website domains with little or no notice, but it’s perhaps equally, if not more, troubling when it’s done by private individuals and companies. This was one of our concerns with the original version of SOPA, which included a “private right of action.” But, even though SOPA never became law (and the private right of action was dropped fairly early on), it appears that some courts are still allowing this to happen. Just a couple of months ago, we wrote about a troubling ruling in an Oregon district court that let a Filipino entertainment company seize a bunch of domains, in a process that was done under seal. In the past, we’ve seen other brands, like Chanel do the same thing. Louis Vuitton has also tried seizing domains.

The latest such example seems especially troubling because no one has any idea what’s fully happening, but it appears to involve Chan Luu, a jewelry and clothing retailer. The Internet Commerce Association notes that approximately 5,000 domains appear to have been seized, handed over to a private “receiver” who is now trying to sell those domains — for no clear reason. One of the victims, Michael Berkens, who lost some of his domains, has explained what little details he’s been able to find out:

Overnight I received a notice that several domain names I owned were transferred by a sealed court from Verisign without notice and of course without the court order.

The domain names just were transferred by Verisign to another domain and are now listed for sale at another marketplace.

Another domainer sent me an identical notice he received overnight on domain names he owned.

The Domain names are now all owned by COURT APPOINTED RECEIVER ? ROBERT OLEA and have been moved to Uniregisty as the registrar and are now listed for sale at domainnamesales.com

The only information that Berkens received was the following email:

Please be advised that Verisign has changed the registrar of record for certain domain names pursuant to a ***SEALED*** court order.

The domain names identified below were affected by this action.

Alexander the Great, LLC ?????????????????????????? RETRACTIT.COM

If you have any questions relating to these actions, please contact:

David J. Steele Partner, Christie, Parker & Hale LLP Adj. Professor of Law, Loyola School 18101 Von Karman Ave, Suite 1950 Irvine, CA 92612-0163 office: +1 (949) 476-0757 direct: +1 (949) 823-3232 fax: +1 (949) 476-8640 email: david.steele@cph.com

Thank you very much, The Verisign Transfer Dispute Team??

transfers@verisign-grs.com

Others have tracked down that it has something to do with this case, but with the details under seal, it’s all a bit of a mess. Here’s Phil Corwin from the Internet Commerce Association:

The only other available facts that we are presently aware of are that a copy of the ?Clerk?s Certification Of A Judgment To be Registered In Another District? issued by the U.S. District Court for the Central District of California in the case of Chan Luu Inc. v. Online Growth, LLC et al is available at the Justia website, and the order was registered in the Florida Middle District Court. The other defendants in the case are ?Grant Shellhammer et al?. There was a considerable time lag in this proceeding, with the original judgment entered in California on May 23rd, the certification dated September 8th, and the domain transfers occurring around October 2nd. The damages granted to plaintiff are $200,000 plus interest, court costs and attorney fees; we note that there is a strong possibility that the domains transferred in this case may have an aggregate market value far in excess of that total judgment, and that is likewise disturbing. The California court document covers domains that are identical or confusingly similar to Plaintiff?s CHAN LUU mark ? but we?re not sure if the domain cited by Mike in his article, RETRACTIT.COM, or any of the other transferred domains fit in that category. Chan Luu is a retailer of jewelry, accessories, and ready-to-wear clothing based in Los Angeles, and so far as can be discerned makes no commercial use of the term ?retractit?, so it is unclear why that domain was covered by the court order.

This is problematic on many, many levels — and is exactly why we’ve been so concerned about any process that allows for domain seizures without any sense of due process. In this case, with all the details under seal and the domain owners having their websites simply ripped away from them with no explanation at all, it should raise serious questions about why courts are allowing this to occur. To take domain names away from people who aren’t even parties to a lawsuit, based on a sealed document, and then to immediately put them up for resale seems sketchy beyond belief.

Filed Under: domain seizures, domains, due process, michael berkens, secrecy, trademark, transparency, under seal
Companies: chan luu, verisign

from the that's-the-well-thought-out-quote? dept

Just about two years ago, we wrote about the DOJ seizing three websites that were allegedly set up to let people download cracked versions of fee-based Android apps. As in the past, we were somewhat troubled by the government’s willingness to seize websites without any form of adversarial hearing. As far as we can tell, such actions clearly violate the First Amendment as per the ruling in Fort Wayne Books v. Indiana. Either way, two years later, the government has finally gotten around to indicting some of the folks behind the three sites: Appbucket, Applanet and SnappzMarket. It’s entirely possible that those indicted did break the law, though the fact that in all three cases the feds first got some of the other participants to take a plea deal in which they supply evidence against the others and that most of them were only charged with one or two counts on things like “conspiracy to commit criminal copyright infringement” suggests a fairly weak case. This is a DOJ that we’re used to seeing pile on dozens of charges.

But, what caught my attention is the ridiculous rhetoric from the DOJ in announcing these indictments. The most bizarre and stupid line has to go to US Attorney Sally Quillian Yates of the Northern District of Georgia:

?Copyright infringement discourages smart people from doing innovative things,? said U.S. Attorney Yates. ?This problem is especially acute when it comes to rapidly developing technologies, like apps for smart phones, and these defendants are now being held accountable for the intellectual property they stole.?

Note that this isn’t just a random quote in an interview. This is the quote that Yates put in the press announcement, meaning that multiple people vetted this and thought it was appropriate. First off, I’m curious: which “smart people” have been “discouraged” from “doing innovative things” because of copyright infringement? Does Yates honestly believe that some brilliant app developer out there had an idea for an app and said… “nah, if I make that, people will just infringe, so screw it.” There may be a reasonable argument that some developers may not make as much money as they otherwise might have — and that leads to fewer resources to focus on development. But the idea that it scares people off from actually doing work is… simply not true.

And even if the statement were true, is that really the yardstick we want to measure things by? Because I can also show plenty of cases where copyright infringement has actually encouraged smart people to do innovative things. The creation of important peer to peer technology was built on the back of the desire of some to infringe. The amount of creative and innovative work based on infringement is pretty damn high. If we’re going to get into a pissing contest over whether infringement inspires or discourages innovation, US Attorney Yates is going to lose badly. Very badly.

Also, what “intellectual property” did they “steal?” This is a US attorney, and as far as I can tell, none of the indictments involve anything relating to any statutes on theft. Furthermore, nothing seems to involve them taking the copyrights away from original owners. At most, it appears that these individuals set up sites for the sharing of infringing copies of apps. If you’re talking about “theft” of “intellectual property” you kinda have to be talking about someone taking someone else’s copyright (or patent or trademark), otherwise you’re saying things that are simply inaccurate.

Next up, we have “Special Agent in Charge J. Britt Johnson of the FBI?s Atlanta Field Office.”

?Today?s federal indictments are the direct result of an extensive and thorough federal investigation into three groups of individuals aggressively engaged in and profiting from the theft of intellectual property,? said Special Agent in Charge Johnson. ?While copyright infringement is the direct theft of the hard work of others in the form of research and development expended, it can also negatively impact incentives for further or future development of those ideas or applications. The FBI will continue to provide significant investigative resources toward such groups engaged in such wholesale pirating or copyright violations as seen here.?

Copyright infringement is “the direct theft of the hard work of others.” How do you “steal” the hard work of others? And where in the indictment is anything having to do with actual theft, rather than copyright infringement?

It’s troubling that the DOJ seems to have taken the copyright industry’s bogus language of “theft” and “stealing” and falsely applied it to issues related to infringement. Even if these individuals broke the law, you’d hope that the DOJ would at least accurately portray the indictment and charges against the individuals, rather than making plainly ridiculous claims. The problem, though, is that this is what happens after a generation of entertainment industry execs spew misleading garbage about how infringement is “theft.” A bunch of DOJ folks who don’t understand intellectual property just act as if this is the same thing, even though it isn’t even close.

Filed Under: android, apps, britt johnson, copyright, criminal copyright, doj, domain seizures, fbi, sally quillian yates, theft
Companies: appbucket, applanet, snappzmarket

After Microsoft Returns All Of No-IP's Seized Domains And Settles Lawsuit, No-IP Is Still Angry

from the reasonably-so dept

We recently wrote about Microsoft going to court and convincing a judge to (with no adversarial hearing) allow it to seize a bunch of domain names from No-IP, redirecting all traffic to them through Microsoft’s own servers. Those servers quickly encountered problems, meaning that many people who relied on No-IP’s dynamic DNS system, found that they couldn’t access their sites. Microsoft later blamed this on a “technical error” but it still appeared that the seizure effort was a gross abuse of the legal process. Remember, in the lawsuit that allowed Microsoft to seize the domains, it had claimed that No-IP parent Vitalwerks had been breaking the law.

Either way, it appears that Microsoft has now returned all the domains to No-IP and settled the lawsuit. According to a joint statement by the companies:

Microsoft has reviewed the evidence provided by Vitalwerks and enters into the settlement confident that Vitalwerks was not knowingly involved with the subdomains used to support malware. Those spreading the malware abused Vitalwerks? services.

Microsoft identified malware that had escaped Vitalwerks? detection. Upon notification and review of the evidence, Vitalwerks took immediate corrective action allowing Microsoft to identify victims of this malware. The parties have agreed to permanently disable Vitalwerks subdomains used to control the malware.

In the process of redirecting traffic to its servers for malware detection, Microsoft acknowledges that a number of Vitalwerks customers were impacted by service outages as a result of a technical error. Microsoft regrets any inconvenience these customers may have experienced.

No-IP for its part has also put out a more detailed explanation for how all of this happened. It’s worth reading. It also takes apart a number of Microsoft’s claims, including the company’s claim that, prior to returning the domains, it had “fixed” the problems people were having accessing their sites. No-IP reiterates that if Microsoft had just contacted the company first, it would have taken down the abusive customers. Clearly, even though the situation was settled, No-IP is reasonably upset that it happened in the first place:

While we are extremely pleased with the settlement terms, we are outraged by Microsoft?s tactics and that we were not able to completely and immediately restore services to the majority of our valuable customers that had been affected.

At No-IP, we are firm believers that the Internet should be free and open. We will continue to fight for the rights of our users and our business. Moving forward, we have provisioned a solution that will reduce the risk of domain seizures.

Later it notes:

We hope that Microsoft learned a lesson from this debacle and that in the future they will not seize other companies domains and will use appropriate channels to report abuse.

Wouldn’t that be nice.

Filed Under: domain seizures, dynamic dns, ex parte
Companies: microsoft, no-ip, vitalwerks

Feds Ignore First Amendment, Supreme Court Precedent In Seizing Domain Of Social Network For Sex Workers

from the based-on-what? dept

The disturbing trend of the federal government seizing domain names without regard to the First Amendment continues. The FBI, along with the IRS, apparently seized a number of websites associated with MyRedbook.com, and arrested the operator of the site. The FBI notes that the site, which was a social network and resource for sex workers, included advertising that “facilitated prostitution.” It also accused the site of money laundering.

However, as the EFF is noting beyond the question of whether or not the FBI should even be in the business of targeting sex workers, there are serious First Amendment questions around such a seizure of a website:

MyRedBook and its companion sites served a large and diverse community of sex workers. The sites functioned as social media platforms, with discussion boards for users in topics from politics to financial tips. It also served as a resource guide with information ranging from explanations of the law as it pertains to sex work to health information. For archived versions of the forums sex workers no longer have access to, click here.

These sites were essential tools for First Amendment protected speech and association?especially important for a community that values its privacy for a variety of legitimate reasons. This platform has been pulled out from under the feet of this community.

As we’ve discussed many times in the past with regards to the government’s seizure of websites, these appear to be classic cases of prior restraint — the effective equivalent of the government rushing in and smashing the printing presses for a publication. In Ft. Wayne Books. v. Indiana, the Supreme Court is quite clear that the government can’t just go in and seize protected speech based on related illegal activity, especially without first holding an adversarial hearing to explore the First Amendment implications. The court noted:

…our cases firmly hold that mere probable cause to believe a legal violation has transpired is not adequate to remove books or films from circulation.

The court is quite clear that the only purpose for which seizure is appropriate in such circumstances is to procure a single copy for the sake of evidence, but not to remove protected speech entirely from circulation. While that case was about RICO claims of racketeering, and this case is about money laundering and prostitution, the same principles should and do apply:

At least where the RICO violation claimed is a pattern of racketeering that can be established only by rebutting the presumption that expressive materials are protected by the First Amendment, … that presumption is not rebutted until the claimed justification for seizing books or other publications is properly established in an adversary proceeding. Here, literally thousands of books and films were carried away and taken out of circulation by the pretrial order…. Yet it remained to be proved whether the seizure was actually warranted under the Indiana CRRA and RICO statutes. If we are to maintain the regard for First Amendment values expressed in our prior decisions dealing with interrupting the flow of expressive materials, the judgment of the Indiana Court must be reversed.

I can’t see any legitimate way that the DOJ/FBI can defend this seizure under such a standard. It clearly took down significant aspects of protected speech based merely on the assertion of related criminal activity, without any sort of adversarial hearing. The First Amendment, and the specific statements of the Supreme Court in this case, clearly forbid such actions.

Filed Under: domain seizures, fbi, first amendment, free speech, irs, money laundering, prostitution, sex workers, social network, supreme court
Companies: myredbook

from the due-process-matters dept

Just a few months ago, the City of London Police announced that it had set up a special ” Intellectual Property Crime Unit” — which was immediately, and gleefully, welcomed by the legacy record labels. The whole thing seemed fairly bizarre, given that copyright should generally be a civil issue, and even when it’s a criminal issue, at best it should be a federal issue, not a local police issue — especially when you have local police who almost certainly don’t understand the basic nuances of copyright issues. However, in what appears to be an effort to justify their existence, the City of London IP Crimes Unit has jumped into the deep end without looking. Beyond quickly arresting some folks, this week they demanded that EasyDNS take down a website for a BitTorrent search engine, claiming copyright infringement, based on their claims alone.

They did not present a court order. They did not present a conviction. They just told EasyDNS to do it — and (worse) threatened EasyDNS with punishment for not obeying, claiming (falsely) that it could lose its accreditation as a domain registrar. EasyDNS’s Mark Jeftovic, who is incredibly well-versed in these issues (having spoken out previously on bogus domain name seizures) posted a fantastic response, which we’re going to post at length. There’s more than this, but it’s worth reading the whole thing.

Who decides what is illegal? What makes somebody a criminal? Given that the subtext of the request contains a threat to refer the matter to ICANN if we don’t play along, this is a non-trivial question. Correct me if I’m wrong, but I always thought it was something that gets decided in a c ourt of law, as opposed to “some guy on the internet” sending emails. While that’s plenty reason enough for some registrars to take down domain names, it doesn’t fly here.

We have an obligation to our customers and we are bound by our Registrar Accreditation Agreements not to make arbitrary changes to our customers settings without a valid FOA (Form of Authorization). To supersede that we need a legal basis. To get a legal basis something has to happen in court.

The request also suggests we look at the whois contact information for the domain (which looks perfectly valid) and go ahead and suspend the domain based on invalid whois data. Again, there’s a process for that, you have to go through the ICANN Whois Inaccuracy Complaint process and most of the time that doesn’t result in a takedown anyway.

What gets me about all of this is that the largest, most egregious perpetrators of online criminal activity right now are our own governments, spying on their own citizens, illegally wiretapping our own private communications and nobody cares, nobody will answer for it, it’s just an out-of-scope conversation that is expected to blend into the overall background malaise of our ever increasing serfdom.

If I can’t make various governments and law enforcement agencies get warrants or court orders before they crack my private communications then I can at least require a court order before I takedown my own customer.

Furthermore, Jeftovic notes that the police ordered him to redirect all of the traffic to a different site that promotes some content services that the entertainment industry likes, and noted that this was a fairly obscene form of intimidation for the sake of local protectionism of favored industry players:

In other words, they are ordering us to take down competing websites, with no legal basis, hijacking the traffic, and redirecting it to competing commercial services, all of which are based out of (guess where?) London, UK.

This whole thing is fairly stunning, and Jeftovic even suggests he wasn’t sure it was real at first, though the headers from the email suggest that it’s legit. Furthermore, it appears that this was not a one-off situation. TorrentFreak is reporting that the City of London Police sent out a bunch of these letters to various registrars, targeting a variety of sites — with no evidence that there’s a court order, or indeed any court case at all, with all of them. And while EasyDNS isn’t complying, it appears that many other registrars did get intimidated into shutting down these sites.

The thuggish behavior and lack of due process isn’t that surprising. Combine a “respect my authority” law enforcement mentality, with people who don’t have much (or any) experience with the nuances (or history or purpose) of intellectual property issues, and you’re going to get this kind of overreaction. Add to that the likelihood that the legacy industry helped provide the extreme (and wrong and misleading) version of copyright law, and is it any wonder that the police seemed to just start demanding websites be pulled down willy nilly just because the police think they’re illegal?

If you only were to hear the legacy movie studios’ and record labels’ version of things, copyright is about establishing their very important business model, and anything that threatens that must be illegal. If you see a service that enables some form of infringement, well, that must be illegal, too, right? Of course, they won’t realize that copyright is not about establishing a business model for those gatekeepers, that blaming tools & services for the actions of their users is a recipe for killing innovation, and (most importantly) that these things are rarely black and white. And that’s why you have due process.

The City of London IP Crime Unit has only been around for a little over three months. One hopes that they’ll actually learn something before pulling these kinds of censorious, abusive and thuggish stunts in the future. And, while we’re at it, it seems reasonable to call for shutting down the whole unit in the first place. IP crimes are not an issue for an ignorant metropolitan police force. The unit never should have been set up in the first place, and this little cowboy censorship action highlights why the unit deserves to be quickly retired.

Filed Under: city of london, city of london police, copyright, domain seizures, due process, london, search engines, uk
Companies: easydns