[CIMC-working] Big Brother and your browser
donald goldhamer
Don.Goldhamer at pobox.com
Wed, 5 Mar 103 18:02:29 CST
This may affect many of us soon... especially the IMC's!
--Don
---------------
This NEWS.COM (http://www.news.com/) story has been sent to you from Don
Big Brother and your browser
By Declan McCullagh March 3, 2003, 4:00 AM PT
http://news.com.com/2100-1071-990697.html
CNET News.com's Washington Watcher Declan McCullagh warns that the Justice
Department's recent Web site domain seizures raise novel legal, technical
and privacy concerns.
------------------------------------------------------------------------------
Big Brother and your browser
By Declan McCullagh
March 3, 2003, 4:00 AM PT
http://news.com.com/2010-1071-990697.html
WASHINGTON--The U.S. Justice Department is experimenting with an Internet
crime-fighting technique that raises novel legal, technical and privacy
concerns.
The tactic: domain name forfeiture. In two separate cases last week, the
Justice Department seized domains for Web sites that it claimed were
engaging in illegal activity.
The first set of domains were allegedly used to sell drug paraphernalia
such as bongs and marijuana cigarette holders. Now visitors to
PipesForYou.com, 420now.com, OmniLounge.com and ColorChangingGlass.com are
greeted by this hair-raising alert: "By application of the United States
Drug Enforcement Administration, the Web site you are attempting to visit
has been restrained by the United States District Court for the Western
District of Pennsylvania."
The second case involved David Rocci's iSoNews.com, which he handed to the
feds as part of a plea bargain in which he admitted to selling illegal
"mod" chips for Xbox and PlayStation game consoles. Rocci will be sentenced
under the Digital Millennium Copyright Act (DMCA ) on March 7 before a
federal judge in Alexandria, Va.
iSoNews.com now says: "The domain and Web site were surrendered to U.S. law
enforcement pursuant to a federal prosecution and felony plea agreement for
conspiracy to violate criminal copyright laws."
Because domain names can't be squeezed into traditional legal categories, a
novel problem arises: They're not ordinary property like cars or boats,
which can be seized and resold without worries. It's true that domains can
be an instrument of a crime, but Web sites and mailing lists are also spots
where people meet, chat and search for information--without expecting that
ownership may switch hands silently and abruptly.
That's why we should think twice before applauding this trend in police
power. One reason is that the Justice Department's privacy policy allows it
to hand over information it collects from people visiting seized Web sites
to "appropriate law enforcement officials" for criminal prosecution.
It's possible to imagine a scenario where an innocent Web visitor becomes
unfairly targeted by the Feds. It's legal to browse the Web for information
about illegal drugs and even legal to read about bypassing copy-protection
technology (though under the DMCA, researchers writing such papers may have
cause for concern). But in a newly security-conscious climate, the Justice
Department may not be terribly sensitive to Americans' First Amendment
rights and may assume the worst about visitors to its collection of seized
domains.
What's more, the Justice Department is able to review the search terms that
people type in before connecting to the seized site from search engines
such as Google or AltaVista. That's because Web protocols pass the search
terms to the destination site in the Referer: header.
A third problem with the Justice Department's tactic is that criminal
defendants are innocent until proven guilty. While Rocci pleaded guilty to
DMCA crimes, the people raided last week for selling "drug paraphernalia"
online did not. But even if they're eventually acquitted by a jury, what
value will their domain name have if it's been tarred by Justice Department
ownership for the past few years?
A better solution: Simply yank the domain name. Do what frequently happens
in civil lawsuits, which is to take the Web site offline temporarily and
place the domain name in the custody of the court system.
This domain-forfeiture technique is not unique to the Justice
Department. In December, according to a report by Nathan Cochrane in
Australia's The Age newspaper, the Australian government seized a Web site
that was selling bogus "purple plates" that purported to strengthen the
human immune system.
Purple-Plates.com, the domain name in question, now sports a note saying:
"This notice has been placed pursuant to an order of the Federal Court of
Australia as a result of action taken by the Australian Competition and
Consumer Commission pursuant to s.52 of the Trade Practices Act."
A federal sting operation? What appears to be the first case of this sort
arose in 1996, when the Cult Awareness Network--which warned of the dangers
of unconventional religions--was sued into oblivion by the Church of
Scientology. A bankruptcy court judge placed the group's assets including
cultawarenessnetwork.org up for auction--and the winning bidder was--you
guessed it--Scientology.
Mark Rasch, a former federal prosecutor who's a vice president at
Solutionary in McLean, Va., represented Cult Awareness Network during its
demise. After Scientology gained control of cultawarenessnetwork.org and
promptly began reading e-mail sent to the old addresses, Rasch told me on
Friday, "people thought they were communicating confidentially with an
anti-cult group when they were talking with their enemies."
Now, let me be clear. That's not what the Justice Department is doing
today. There are clear notices on the sites that the government seized last
week. (Although e-mail sent to the postmasters and Webmasters is now read
by the Justice Department.)
The disturbing thing is that it would be legal for the Justice Department
to seize control of a purportedly illegal site and set up a sting operation
tomorrow. In a landmark 1992 Supreme Court case, Jacobson v. U.S., the
justices ruled that police may set traps for people who are already
"independently predisposed to commit the crime." (A dissent went even
further, saying the government could initiate contact with people who had
no predisposition to break laws--a rule that would permit the FBI to spam
Americans with enticements to commit crimes.)
"That would not be entrapment any more than a woman who's an undercover cop
standing on 14th and W streets dressed as a hooker would constitute
entrapment," said Rasch, talking about the kind of sting Web site that
would be legal today. "You still have to go over to her and negotiate
prices and services...(The Justice Department) could take over an Islamic
foundation, keep the content the same, transfer the domain name to itself
and keep on communicating with people without telling them they're talking
with the government. It would be able to monitor communications on the site
because it now owns it."
If the Justice Department's actions augur a law enforcement trend, an
unintended consequence might be to drive possible targets to shift
operations overseas. A Web site selling bongs and chillums may be unlawful
in the United States, but a domain registrar in the relatively permissive
Netherlands may not be eager to hand it to the Justice Department. (And
there are always alternative root servers, which supplement existing
top-level domains with a slew of extra ones such as .food, .xxx, and
.kids.)
At least for now, though, there's good news for habitual readers of the
seized iSoNews.com. In the last few days, after losing its domain name to
the Justice Department, the Web site popped up again in a new spot: The
aptly named StoleMy.com.
Copyright )1995-2003 CNET Networks, Inc. All rights reserved.