Police in the UK could get new powers to suspend internet domain names without a court order if they're being used for illegal activity, under rules proposed to .uk registry manager Nominet. A Nominet volunteer policy team has recommended the creation of an "expedited" process for shutting down addresses when the police say "the …
Whilst I'm all for protecting the average Joe/Julie Bloggs this, to me at least, sounds like the start of a VERY slippery slope...
Freedom? We've heard of it...
Title not allowed
"Freedom? We've heard of it..." but our kids probably won't of
"Freedom? We've heard of it..." but our kids probably won't of
But will they 'have' heard of it?
Slippery slopes again.
>>"Whilst I'm all for protecting the average Joe/Julie Bloggs this, to me at least, sounds like the start of a VERY slippery slope..."
But *any* change /could/ be viewed as the start of a slippery slope, given a suitably-chosen direction of gravity.
Except that in reality, once people are actually standing on them, most slopes seem to be decidedly less steep or slippery than some people feared.
I'm sure that there were people arguing that the removal of the requirement for vehicles to be preceded by someone carrying a red flag was a slippery slope to people being allowed to drive at 300mph through village streets.
Isn't the important thing to examine a particular suggested change and make a judgement as to whether that change is good, bad or neutral in itself, rather than considering some hypothetical scenario which may be a bit like the suggested one, but taken to some distant extreme?
And even when examining the possible benefits/drawbacks of a particular proposed change, surely the sensible thing is not to focus /solely/ on the potential worst cases, but on the likely overall balance of good and bad, or consider steps which might be taken to reduce the chances of the worst outcomes happening (like having meaningful compensation in the case of a domain being unfairly blocked)?
"But will they 'have' heard of it?"
If they had, he would of said
More worrying to me, is witnessing fraudulent retail and pay-by-card services websites which are obviously hoovering up thousands if not millions of £GBP, and there appearing to be no efficient means by which they can be squashed in time to stop people losing their money.
A while ago, there was a site, selling everything for about 50% of what it should cost - iPhones, laptops, mobile phones, you get the picture... and all of its products were RSS-ing straight into Google Product Search. Nobody I spoke to had a clue what to do about this. Plod needs a quick procedure of stopping this kind of thing - and likewise fraudulent ticket sales scams and the like, among other scams.
Am I to take from your post that you think that giving Plod this level of judicial authority, without formal oversight by the courts, is a good thing? And as for "consider steps which might be taken to reduce the chances of the worst outcomes happening (like having meaningful compensation in the case of a domain being unfairly blocked)?" exactly how much compensation did you have in mind, how do you actually formulate 'meaningful' compensation. And who would foot the bill for said compo? Would that be the particular Plod taking the action personally paying the compo? No, it would end up being the rest of us shelling out for Plod's screw-ups as usual.
I believe the 'slippery slope' referred to is the political expediency of giving Plod ever increasing, unchecked judicial 'authority' without reference to the courts. (Cue police state).
Plod needs to be put back in his collective box, and reminded that his purpose is to uphold the law, and that it is the court's purpose to enforce the law.
The whole point of the court order is to inject some common sense and allow the request to be heard from a neutral stand point precisely so that the police do not just arbitrarily go around causing havoc.
What next? allow the police to simply arrest and jail someone without due process because its "urgent"? "It will never happen!" I hear you cry but this is the start of a very slippery slope indeed.
We are slowly sleepwalking into a bloody nightmare.
We live under a dictatorship - we only get to choose the dictator.
>>"The whole point of the court order is to inject some common sense and allow the request to be heard from a neutral stand point precisely so that the police do not just arbitrarily go around causing havoc."
At the moment, would an initial court order generally be the result of a one-sided presentation of evidence to a judge by police or lawyers acting on behalf of the state, or would there typically be any involvement of a domain owner?
At least for cases which legality of a site seemed borderline or where it seems an owner might well be unaware of supposed illegal content, I'd wonder how often a domain owner who is actually contactable currently is contacted before attempts are made to seize the domain, and if that happens to a meaningful degree now, would that be likely to change much even after a change to the seizure system?
>>"I believe the 'slippery slope' referred to is the political expediency of giving Plod ever increasing, unchecked judicial 'authority' without reference to the courts. (Cue police state)."
But the basic problem with 'slippery slope' arguments is that they're fundamentally lazy and typically logically inconsistent.
They seem to assume an effective /inevitability/ about the future being a wild extrapolation of some proposed change to the current situation.
However, if that is a valid logical argument now, then presumably if the exact same logic had been applied in the past to one of any number of past changes, the conclusion then would presumably have been that where we currently are is already past what would have been previously imagined as some point of no return.
Either that past conclusion is correct (in which case we may as well give up) or it isn't, in which case the slippery slope argument logically fails.
It's also a fairly patronising kind of argument, implicitly suggesting that /other/ people will be too stupid/idle/sheeplike to do anything in the future even if things actually do get bad, while simultaneously demonstrating how foresighted the proposer of the argument is now, even though many other people taking a more pragmatic view of the situation are perfectly capable of /imagining/ potential extreme extrapolations while understanding that those aren't necessarily the primary thing that should be taken into account when looking at a particular proposal.
Given the *actual* change under discussion rather than paranoid worries about what it possibly could (or 'obviously will') lead to in the distant future, what seems to be important is what would actually happen in the cases where a domain is wrongly seized where that seizure wouldn't have happened in the current situation - how quickly could a decision be challenged, and what (if any) compensation might be available.
>>"Am I to take from your post that you think that giving Plod this level of judicial authority, without formal oversight by the courts, is a good thing?"
If wrongful seizures can be appealed, there would be oversight after the event, as there is in all kinds of other situations, such as considering whether an arrest or seizure of property was legal.
As for how bad or good it might be, what seems most important is not whether there's a theoretical possibility of misuse or abuse, since there will be that possibility in the case of any power granted to anyone, but how much that misuse/abuse will happen in practice and what kind of redress there might be.
How much happens in practice is something that is only clear over time, even if educated guesses can be made, (though I'd venture that the people assuming maximum possible abuse are probably not making the most educated of guesses).
What kind of redress there might be is something that isn't currently clear.
Personally, I prefer to wait for adequate information before making a judgement, though I understand that some other people feel differently.
One thing that does seem probable is that if the suggested power was repeatedly used to seize domains where there wasn't a valid legal case, whether through malice or incompetence (in the way that many slippery slope people seem to assume it necessarily would be), that would be likely to cause reactions which would lead to a modification of the power or changes in its application.
Though even if that happened, it wouldn't seem to be at all likely to make the lovers of slippery slope arguments actually think about what they'd predicted and how things ended up - they'd only see any misapplication of the power as proving they were right all along, but ignore whether the power had actually been used for the common good in other situations, and also ignore any corrective action taken which was seemingly moving the world up the slippery slope, rather than down it.
>>"how do you actually formulate 'meaningful' compensation. And who would foot the bill for said compo? Would that be the particular Plod taking the action personally paying the compo? No, it would end up being the rest of us shelling out for Plod's screw-ups as usual."
I guess in a decent system, it'd be up to courts to consider potential compensation, bearing in mind any losses suffered.
Would personal financial accountability mean that if a judge currently makes a wrong decision in granting a right to seize a domain, (or in other areas, like making an incorrect ruling which leads to a wrongful criminal conviction) the /judge/ should be personally liable to pay compensation?
If so, who'd be a judge?
If not, then why should the police be treated differently?
And as for who ends up paying, surely the logic is that the primary aim of compensation is to recompense someone for losses unfairly imposed on them, with penalising the people responsible and/or getting them and others to be more careful in future being a different issue, and one which could be pursued in various ways.
@very long post
I have a word for you. RIPA. now go back, read your post again in relation to what happened with RIPA and reflect on what a load of hopeful, but for that dangerous, nonsense it is. And BTW it's not the slippery slope metaphor, but the thin end of the wedge metaphor which applies here. The slippery slope metaphor implies you lose control at an increasing velocity, which is not how it works. The thin end if the wedge argument implies the government are free to keep tapping the wedge with a hammer every now and again at a time of their choosing. Tap it sharply but lightly and no one is motivated to complain.
Nobody likes bad service or long wait on the phone to receive impersonal customer service, but according to your argument, it's patronizing to suggest we could get a society where people are herded like sheep and do nothing about it - sorry, bad news for you, but it seems we already got that. The problem of bad customer service isn't fixed because no one individual has enough to gain by "taking on the system" so we all just relate tales of woe re: how bad our experience with Virgin, or BT or whoever else has been. And when there is inaction, a further problem is government policy like this starts to inject fear into the system. Not out and out obvious, "they're burning down the houses" fear, but fear of an interruption to easy life. "I'll leave it to the activists to take action, I have a business and a family and too much to do and too much to lose."
Lastly, your argument can be summarized as the "don't worry it won't happen" argument. But history has proven it can and does happen. Do you thunk the Germans had a different inferior class of civilized society and democracy than the rest of Europe before the Nazis grasped power?
First they came for the communists,
and I didn't speak out because I wasn't a communist.
Then they came for the trade unionists,
and I didn't speak out because I wasn't a trade unionist.
Then they came for the Jews,
and I didn't speak out because I wasn't a Jew.
Then they came for me
and there was no one left to speak out for me.
The above quote is historical. It is powerful precisely because *it happened*
Not so much a slippery slope
- more like the thin end of a very fat wedge.
Slippery slopes again
Having someone walking in front of a car seem ridiculous now. I'm sure at the time it seemed ridiculous to many at the time. But it was part of the transition to a vehicle driving society, along with buggy whips, we take for granted today.
So maybe having the courts sanction take down orders is the equivalent of someone walking in front of a car. Is that so bad to start with? If the courts (and parliament) find the police are responsible and proportionate in their use of another power - and when case law exists to help those innocents subject to take down orders - then society can agree that there are more limited circumstances needed for a court order.
I agree everyone want to see criminals prosecuted and their ill-gotten gains confiscated. But not at any cost. How many entirely innocent (and probably small and therefore to all intents and purposes defenceless) businesses will be closed as a result?
This is the police asking for powers above and beyond. You can't fault them for asking. That's their responsibility. But it's societies responsibility to push back and/or seek adequate safeguards.
A lop-sided extradition agreement was agreed with the US in the wake of 9-11 to help prosecute terror suspects. Who would have thought that within less than a year it was being used to extradite UK nationals for offenses not obviously related to terrorism? But officialdom will always use legislation intended for one purpose to handle another unless there's explicit reason no to. It's not a dig at officialdom: you and I would probably do the same. Its recognizing that powers without adequate checks are not a good thing.
1,857 people died on the UK roads and 20k were seriously injured - about the man with the flag...
Nominet - Law unto themselves
Try running a personal website with a .co.uk which might have a link to a friends online shop. Unless you take down the link they will unleash your personal details on the public internet. To keep your personal details, personal; your not allowed ANY advertising or money making or ANY links to any website that makes money on your website. How harsh! Now the police can shut-down any website they don't like. Regardless of the complaint being withheld or not the damage is done.
Why, then, would you want a .co.uk when you should be using .org.uk (for non-profits) or .me.uk instead?
>Try running a personal website with a .co.uk
Why? That's what org.uk is for......life would be simpler and neater, though granted less profitable for Nominet, if only a UK Ltd company could operate a co.uk.
As with all good ideas and Standards online, greed takes over and ruins it right at the fundamentals.....and don't even start me on the demise of hostnames in favour of w3 all the frigging time.
The title is required, and must contain letters and/or digits.
Why surely Ltd company's should be using ltd.uk by your definition, not co.uk
Because .org.uk, .co.uk mean nothing and who can use what is not means administered. Certainly when I brought the domain nearly 10 years ago I wasn't aware of the implications.
You could assume .co means 'cooperative' or a 'group' of people. Some 'groups' don't want to be labelled organisations because they are not, they are simply a group and not organised with leaders and followers.
So I run a co-operative website/forum for a group that isnt an organisation, I make NO money and I want to keep my personal information safe, why cant I!
Nope - ltd.uk wasn't introduced until long after co.uk was broken....the original intention was clear read the RFC.
"Certainly when I brought the domain nearly 10 years ago"
Where did you bring it from, pray tell?
before anyone starts winging, the BBC is bbc.co.uk
Re: Nominet - Law unto themselves
Interesting... I thought I'd fucking downvoted you by mistake, then I went for the upvote as I had intended. The latter seems to have registered but not the former. Software upgrade at El Reg or do I need to readjust my medicine?
Read the Nominet guidelines/rules for suffixes !
>Because .org.uk, .co.uk mean nothing and who can use what is not means administered. Certainly >when I brought the domain nearly 10 years ago I wasn't aware of the implications.
>You could assume .co means 'cooperative' or a 'group' of people. Some 'groups' don't want to be >labelled organisations because they are not, they are simply a group and not organised with
>leaders and followers.
It's made perfectly clear what the intended use of the suffixes are for.
Part 6 appendix A has a nice summary table.
And anyway, are you sure it is Nominet who exposed your personal details and not just your registrar's automated systems ?
@the BBC comment
The British Broadcasting Corporation using a .co.uk address?
What next, other corporations doing the same? Barbarians at the gates I say!
Dear 'The "issues group" behind the creation of the recommendations'
Please list all sites using a .uk domain that have lead you to introduce this rule. I'm going to stick my neck out here and say that list will be zero.
Thanks for introducing another rule that will take down legitimate sites and leave the criminals untouched.
They are already talking about expanding the scheme to cover civil matters!
So, instead of going to an ISP, you simply write a letter to nominet and pay a fee and have your competition cut off.
I did a quick Google search for 'government repression of information' and came up with a list of former government leaders who suppressed newspapers and other media types over the years. Napoleon, Mussolini, Hitler, Mao, Stalin, Ho Chí Minh, Hussein, Gaddafi, Kim Jong il...
Never heard of that lot, but I assume things worked out for them in the end.
well as far as my company is concerned this will now makes it's way onto the risk register, which means shareholders will be in a position to hammer directors if we lose money due to our website being taken down. Especially when the compensating control was as easy as "use .com domain instread".
I wonder how much business nominet will lose due to this ?
Wouldn't .com leave you open to abuse from the US government instead?
but the due diligence would have to factor in the chances that a US court will issue a takedown notice BEFORE the action, against the fact that there is no such safeguard in the UK.
It all depends on the possible impact. If you're web presence is incidental to your core business, you might figure it's a risk worth running, and would grade your audit accordingly. However, if losing your web presence for (say) 48 hours, while you file some (expensive) legal motion for a judicial review, means you could go bankrupt (e.g. amazon.co.uk) then you might figure that instigating a compensating control is worthwhile.
Don't forget, in big business a lot of contracts do involve an exchange of DD documents. I know one big bid (hundreds of thousands) my company made required bank statements, DR plans, and business growth plans before they would sign (they did). In fact it got so common we published the DR plans on our website. Caused quite a shock, as it stated that after 24 hours of office outage, key staff would be relocated to the London office (from Brum). Which was first they knew of it.
You're right if due diligence was actually properly considered. The problem is that from all appearances it isn't. Otherwise we wouldn't be ending up with this sort of siutation:
The warrants they use in the US would appear to be worthless and little more than part of a process of legitimising what the authorities are doing over there.
are the reason the warrants are worthless as the police and other authorities have tame judges who will sign any court order without question.
The same would be the case in the UK as I have no doubt that the police know precisely what skeletons are in which Judge's closets...
Plus they're all bl00dy Masons anyway... the chief constables and judges...
mission creep anyone??
With a little mission creep here in expanding beyond .uk domains (via ISP's maybe?) and expanding the list of offences to include oh say public disorder and rioting, could this be the method by which the police could shut down Facebook or twitter during times of civil unrest, without 'any new powers' as mentioned in earlier news article??
pass my tin hat please...
The cynical side of me thinks some media companies have given top police chiefs nice holidays on yachts in return for helping them via the back door with quick take downs. Its a conspiracy I tell ya...now give me my medication.
never mind copyright infringement....
... what's prostitution doing on the list together with fraud, money-laundering etc? It shouldn't even be a crime in the first place, and besides as any fool knows, "The Internet is for porn"
Prostitution isn't a crime in this country...
so wtf is it doing on the list?
Trafficking girls for sex is a different matter and a different crime, but exchanging money for sexual favours isn't a crime - or wasn't until fucking nanny Labour and its hysterical feminist branch got into power...
Goodbye Met.Police.UK / NewsInternational.co.uk then?
The Met involvement in serious organised crime... corruption & bribery in particular... would justify the take down of Met.police.uk.
And for that matter... if you're going to target serious organised crime, Murdoch's NewsInternational.co.uk too.
this is not a post
What's the issue? The police have been doing this for years.
Oh wait that's China - oops. :(
Well that's all the UK escort websites buggered then.
as the case may be.
What are the redress provisions?
Suppose someone, somewhere makes an accusation, your domain name gets seized, your business grinds to a halt, and so on, and so forth. That might turn out very expensive. Do they have an "expedited" review mechanism? Some way to provide compensation in case the seizure turns out to be wrongful? Anything, anyone?
I think they ought to have all that, and more, as they're insisting on reinventing the justice system just for domain names. Then that must include redress.
well, if you're a plc
your ongoing due diligence should have flagged this up to your risk audit team. They should have codified the risk, and investigated a compensating control. Depending on their assesment of *likelihood* and *impact* of risk, then the most obvious is "use a .com instead".
For a UK based firm, (say a bank) then while likelihood of a domain takedown is probably as close to zero as you can get, the impact would be catastrophic. I don't think it would be hysterical to say that for some companies, this could trigger bankruptcy.
Once the DD has been flagged, the onus is on the directors to direct, and mitigate the risk - if they don't, it could be their arse in a sling.
Notice, the DD doesn't need to factor wether the takedown is legitimate or spurious. Just that it could happen.
As another AC above pointed out, this news will precipitate a few companies switching to .com, or at least maintaining a .com mirror.
A solution for other reasons
A ,com mirror, or a ,eu mirror, would make sense as part of a general strategy of protecting against failures. You have back-up servers in another location, and you have back-up name servers and domains.
Oh, I can see the point about needing to protect against fast-happening crimes: imagine an event like the HP fondleslab sale being a fraud, You'd have a couple of days after taking the money to do a runner, before people got suspicious. But I can't see the system being able to react fast enough.
I think this is something dangerous (and the police have always had tame Magistrates who can be depended on to issue warrants in the "right" sort of case). It needs some pretty strong checks, with statutory backing.
"proportionate, necessary, and urgent".
In other words "Because we say so!"
I can see child porn applications for this, but counterfeit shops can be dealt with by court order.
phishing sites are another nice target, but anyone on a largeish ISP will have already cached the DNS entries anyway.
copyright infringement? seriously, just strike it from the legislation if you don't recommend it...
There are exactly ZERO applications for this.
This is a stupid, ignorant and incredibly dangerous suggestion.
If the police want to close down a site, they should get a court order. End of story.
The only possible reason for not wanting to get a court order to close down a site, is that the applicant thinks that they probably won't get it.
If they don't think they would be able to get a court order, then they shouldn't be trying to take down the site in the first place.
Court orders do not take very long to get.
If this actually does happen, then the first couple might happen quietly but pretty soon a legitimate small business or organisation will be affected and they *will* go all the way to the EU if necessary.
I'm increasingly worried by the attitude of some police organisations who behave as if the law doesn't apply to them. That's the attitude that those rioters had - how about the police try setting a good example instead of a bad one?
I'm new to this
but wouldn't that just mean a lot of the 'evil' websites preying on 'consumers' would simply find a way to ensure they get onto their hosts files?
Wait for the mission creep
For all occurrences of 'not' in that article, substitute 'not yet'.
Once it's in place, the first thing they will do is think up all sorts of reasons why it has to be expanded just a little bit. And just a little bit more. And ...
It's not a matter of pointing out previous times they've done exactly this. More a matter of has there ever been a single time when they have *not* done so.
It doesn't matter what Nominet, the police, or anyone else claims about how this would work, every bit of experience we humans have about power relationships points clearly to the fact that at some point the system WILL be abused, the injured party's path of recourse turns out to be impractical or non-existant, they will get royally screwed, never get more than a fraction of lost revenue back (if indeed anything at all) , and whoever screwed up or abused the system will get off with nothing more than a slap on the wrist.
If this really gets implemented I could write the news story now, and then just fill in the blanks with names and dates when it inevitably happens within the next 5 years. It would be depressing except that it's Friday and I refuse to be depressed - so beer :)
- Mounties get their man: Heartbleed hacker suspect, 19, CUFFED
- Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
- Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
- Feast your PUNY eyes on highest resolution phone display EVER
- Wall St's DROOLING as Twitter GULPS DOWN analytics firm Gnip