Feeds

back to article Cyber cops want stronger domain rules

International police have called for stricter rules on domain name registration, to help them track down online crooks, warning the industry that if it does not self-regulate, governments could legislate. The changes, which are still under discussion, would place more onerous requirements on ICANN-accredited domain name …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

This has bugger all to do with child abuse

Seriously, how stupid do they think we are?

8
0

@AC 22jun2010-09:59gmt

Obviously, "stupid enough", seeing as "think of the children" seems to be the very popular, and very successful, and increasingly unrelated rallying cry for the current crop of fascists not just in the UK, but all over the place.

5
0
Black Helicopters

raising the bar

This is about raising the bar for website creation with the ultimate aim of having an internet that hosts only corporate websites and middle management companies with hosted webspace such as geoshitties and aohell.

1
1
Black Helicopters

agreed ...

Perhaps that also has something to do with the reluctance to adopt IPv6. Without that, there will be increasing (lack of available numbers) pressure on ISPs to keep their subscribers on WANs with private IP addresses, rather than real internet addresses. Funnily enough, that would stop unauthorised persons from running servers of any sort, not just web servers. One could imagine Mr Plod thinking that the internet would be much more controllable like that.

Definitely black helicopter country here!

0
0
Welcome

Follow the money

Anyone who wants less criminal spam should welcome balanced measures here which don't prevent identified entities from proxying for genuine privacy needs. All the domain registrar should need is the account number and originating bank sort code from which the payment for the domain is made, so if a registration is linked by an investigation with criminal behaviour the police should find tracing the money gives better information than the IP address of a fast fluxing mobile internet connection or one used by an Internet cafe.

Retaining payment details securely shouldn't increase the cost to the registrar of registering a domain as this is likely to be done for sound business reasons anyway, so that a returning customer doesn't need to give all their credit card details every time for a repeat purchase. The lawmakers can hardly complain if the Internet industry can't cough up the information they want if the banking industry can't either, unless they admit that the banks are above the law. This may limit payment options for domain registration, though I doubt many registrars accept cash anyway, and even if they did there's no reason they couldn't insist on cash presented in person with ID and a transaction charge commensurate with the increased cost.

Try before you buy domain registration should have been stopped a long time ago. So if there is always a payment involved, and no reason for the payment not to be traceable, I don't see much reason for plods chasing ISPs for secure customer ID rather than banks.

0
0
FAIL

Stolen Credit cards

If the domain is paid for using a stolen card then the 'follow the money' idea fails. Since stolen cards are routinely used to purchase hosting I can't believe they're not used for domain purchases as well.

0
0
Bronze badge

Varying standards.

The card I have in my pocket is "Verified by Visa", which means I have to supply a password when I buy goods over the Internet. Except that not every retailer uses the system.

This would be an extra barrier against the use of stolen cards in the Internet context. Instead, it currently seems to be rather local, and more about settling liability for the losses arising from these fraudulent purchases.

I doubt it will work everywhere, but payment information can be an effective tool.

0
1
Silver badge

Here we go again

Paul Hoare of the UK Serious Organised Crime Agency said: "It should be the case that the owner of the domain illegalextremepornanimalsexthinkofthechildren.co.uk , sendyourlifesavingstoaconmaninnigeriayoufuckingidiot.co.uk , or visitheredownloadmalwareandinadvertantlyhandoverallyourbankdetails.co.uk has registered with their correct name, address and contact details so that our job involves absolutely no effort whatsoever. This will enable us to take down the site, it's registered owner and thus pretend we've solved the crime."

Tw@t.

1
0
Bronze badge

Climate of fear?

“We must ensure we create a climate of fear, where the criminals understand we will find them and prosecute them," Paul Hoare said. (http://www.v3.co.uk/v3/news/2259605/soca-stamp-dns-abuse)

It often seems to be overlooked is that a large proportion of hard-line criminals have psychopathic traits and so don't have quite the same social and fear responses as the rest of us. Another group of criminals is playing the game of 'cops and robbers' so will tend to get off on situations that are mildly frightening and so seek them out rather than avoid them.

A climate of fear generally helps no one in the long term. The promoters and some associated players may get a little more power for a while but the main losers are ordinary folk and not the wrong-doers.

3
0
Silver badge

*ANOTHER* fucking climate of fear?

Booooooooring.

0
0

digital certificates for all

Wouldn't a lot of this - spam email, fake domain registration etc - be solved by simply enforcing a layer of proof?

Take two forms of ID and a USB key to the Post Office and they generate a digital certificate for you that you attach to your outgoing email. If I receive an email without a cert then I reject it. If you try to register a domain without being able to upload your cert to attach to the details (no need to enter your name, address or phone number because they get read from the cert)... then it gets rejected.

Maybe it doesn't even need to be the Post Office... perhaps your bank could verify your email address (when you opt-in for internet banking) and your next credit card includes a certificate issued by First Direct or whoever that includes your mailing address, name, email address etc that you slip into the handy reader every PC would no doubt be equipped with (eg http://www.gemalto.com/readers/pc-link.html) and for added security they can request online transactions use the cert for authentication as well

Companies already have certs issues by Verisign and the like so for domain registration and corporate email systems they could simply attach the company cert (or for outgoing mail automatically pull the individuals cert from a store)

It's important that we use technology in a smart way to prevent faceless agencies restricting what we can and can't do in the name of keeping us safe when by being smart and deploying the right technical solutions can make everyone safer without costing them their freedom.... we are IT professionals after all so let's stop politicians doing our job

0
1
Silver badge

That's fine...

...if you are only ever going to receive emails from the UK and everybody that you're ever going to exchange messages with 1) has no objection to getting clipped by the Post Office (you think they'd do it for free?!) and 2) that you don't mind handing your home address and phone number to everybody you email.

In my work, I find myself exchanging emails with complete strangers on a frequent basis and I'm damned if I want to be adding my personal details to every exchange. Most of the time it would be fine; but just occasionally....... Plus, the Direct Marketing Association et al would definitely be early adopters of the certificate reading gear, because then they could hit your landline and snail mail for their campaigns too.

All such a certificate would prove is that "person X had access to Photoshop and £30 (or whatever the registration fee is) at one point in their lives".

0
0

This post has been deleted by its author

Silver badge

Execpt that

Only people in cities would be able to register domains under that system. Your idea sounds fine until you realize that many people live in rural areas and all mail goes to a post box. Just try buying something on-line if you live outside of town, and you'll see what I mean.

0
0
Anonymous Coward

Harder not impossible

Its a way of making sure there's a physical address tied to the registration, I don't think the author suggested it as the only way and it would have to be setup to account for circumstances.

The idea is to make the disguised registration that bit harder to acomplish.

0
0
Anonymous Coward

Apart from the fact this is just another power exercise...

...there's also the simple fact that - as in so many areas of law enforcement - the law-abiding don't affect the issue, and the law-breakers don't give a damn.

1
0
Silver badge

I still contend that with the current crop of CAPTCHAs,

a bot has more of a chance at successfully submitting the correct answer than an actual person does.

Personally I'd be okay with a third party registrar having my details file away and them presenting the public face for the whois registry, and the requirement that the police need to present a search warrant to get the information. I just don't see that helping the police track the bad guys. For all the trouble you'd think it would be to setup a false front for a business, lots of crooks do fairly frequently. About $400 to Chico downtown for a fake ID, setup some bank accounts, rent a cheap apartment, rent a cheap spot in a warehouse using the fake ID... The names, places and prices would change in the UK of course, but the principle would be the same. And still leaves the rest of us normal folks depending on signature based spam filters to keep some of the crap out.

0
1
Grenade

It's about friggen time....

Someone needs to get after these registers. No more of these cybersquatting. Hopefully no more [or reduced] malware sites.

You can complain to a register who had registered [for example] the name www.theregister.us or www.tomshardware.co.uk that who ever is running those sites are cybersquatting but they don't care. They just want their money. ICANN should give a monetary penalty for every domain they improperly registered knowing that the domain is hinky.

It should be up to the registrar to verify that all domains they register are legal.

[Would be nice if the registrars were also force to check that there is no illegal activity or shut down a domain if malware is found on the site.]

0
0
This topic is closed for new posts.