...will not strike twice.
It may have been a mistake. But now they are known. Known for causing inconvenience, trouble, whatever. And surely on some watchlist.
Next time lightning strikes, it will be no mistake.
A Brighton-based ad agency is scratching its collective head after its website was effectively seized by US Homeland Security. The agency stopped receiving external emails and turned to its IT support company Ingenious for an answer. They discovered that anyone trying to visit the company website – designate.com – met a …
LEA seem to have an institutional mentality that anyone who is demonstrably innocent "must be guilty but very clever - we'll get them next time".
A similar phrase was once uttered by a police office when recounting tales of some of the ones they had arrested "on suspicion" but couldn't find a law they had broken.
The DHS was originally established for counter-terrorism purposes, but their role has been expanded greatly since then. Many previously-independent agencies have now been merged as sub-agencies within the DHS. The coast guard, ICE, Customs and Border Protection, and Citizenship and Immigration Services included.
The DHS announced just last month their new priority, a "Strategy to Combat Human Trafficking, the Importation of Goods Produced with Forced Labor, and Child Sexual Exploitation." I'm guessing this seizure was under the human trafficking part.
homeland security is a fight against terrorism, and terrorism is funded by, well: prostitution, drug trafficking, child trafficking, software, hardware and wetware piracy, money laundering, as well as any other human activity, including, but not limited to those deemed "illegal", "immoral", or just "cool", nevermind those mundane activities considered "uncool", but legal. EVERYTHING has to do with so-called "homeland security" ;)
One agency to rule them all (and a whole 'nother level of politically appointed bureaucrats drawing salaries for "coordinating" the work of other agencies.
...and untouchable, because "it's all different after Sept 11th"
Objectors will be dealt with.
Don't forget that with Homeland Security everyone is a suspect until proven innocent. And no one is ever proven innocent. As US law does not stop at their borders, that means everyone globally is suspect and subject to US law.
Holding a domain name ransom until the company signs a non-suing pledge is bottom feeder tactics.
It sounds like blackmail to me. Perhaps DHS can be sued for that tactic. Making a big deal of it in the media may or may not be to one's advantage, but a second lightning strike could become a political nightmare for the US.
> Perhaps DHS can be sued for that tactic
You can't possibly legally fight "[Redacted]" and "reasons of national security". You'll lose your money, at best.
"National security" is an even stronger magic word than "somebody think of the children", absolutely nothing can stand in its way. No law, no reason, no logic, it trumps everything (no pun intended).
"I have the best tests, the biggest tests... everyone says so. Scraping Urethra sounds like fun -- that girl's up for anything. But I won't use a condom, a Trojan, because I won't get pregnant... Trojans are for Greek. Women like it when I grab them by the pussy, and no condom means maybe they'll have a baby and it could be a baby like Ivanka. Another Ivanka... and she won't know I'm her daddy."
>Protecting The President probably....
That's one of the few jobs that DHS doesn't do -- that's the Secret Service which is part of the Department of the Treasury (which used to be about managing federal government revenue but now appears to be the "Department of Sanctions, Entity Lists and General Chucking Our Weight Around".)
Two simple reasons
1) The UK Company had the temerity to use a .com domanin. That is regarded as for the sole use of US companies by many inside Trumpland.
2) These US Agencies have laws passed years ago behind them that gives them jurisdiction over the whole planet (And often beyond) to go tramping over small companies and people in their pursuit of what they see as wrongdoing and as this case shows, they seem to be able to do it without fear of being sued for their inevitable mistakes.
It does now. It didn't recognise citizenship when first introduced - it didn't need to, as there was no concept of federal citizenship. State decided for themselves who could be a citizen. Then things got ugly as states started disagreeing on how exactly a citizen was defined after the end of the civil war - a person could be a perfectly legitimate citizen in one state, travel to another, and promptly be declared an alien and deported from the country. The fourteenth amendment settled that by establishing a mostly-agreed-upon definition of citizenship, though it still took a lot of court rulings to iron out all the details.
Had same thought... There is the use of a .com... Having said that, that nowadays is more synonymous with a "generic, global, commercial" than a "US, commercial" label...
Then again, it wouldn't be the first time the US for example invades a country because they don't like locals not buying US products, not speaking English, and having the local practice of hugging trees, right?
"Had same thought... There is the use of a .com... Having said that, that nowadays is more synonymous with a "generic, global, commercial" than a "US, commercial" label..."
The .com top-level domain is owned by a US company. That's it. Doesn't matter how it's generaly perceived.
Well obviously there would be other details to work out, but it's certainly do-able.
Most people seem to have the idea that the internet is a 'thing' rather than what it actually is, which is a *lot* of things, all agreeing to talk to each other.
If enough people wanted to wrest control of DNS from the Americans then it could be done.
doesn't the USA in some sense control the Internet and all domains?
Nope. .uk domains are controlled by Nominet (A UK company) who manage the .uk TLD. And, since the various root servers are scattered around the world it would take *very* drastic action for the US to impose control..
> Having said that, that nowadays is more synonymous with a "generic, global, commercial" than a "US, commercial" label...
.com never _WAS_ "US, commercial" - it's always been international.
At the time the TLDs were created they were all international - although getting a .gov or .mil assignment outside the USA was difficult-to-impossible, on paper it was supposed to be doable.
"At the time the TLDs were created they were all international"
Incorrect. .MIL was never a part of DARPA, it was always owned outright by the US military, and administered initially by the Defense Data Network Program Management Office (DDN-PMO). See RFC-920.
You are quite correct in saying that .GOV could, in theory, have become international, but the idiots in charge said no.
You were right the first time. The US does indeed have jurisdiction over the domain name registration.
I gave up trying to explain to clients that it was in their best interests to have their domain name registered in the jurisdiction where they traded and where they also held any relevant trademarks if they wanted to minimise the risks of foreign courts getting involved in any disputes. However, it seems that because people have heard of the ".com" boom but not of a ".uk" boom, there is something intrinsically inferior about ".uk" for the kind of people that worry about that kind of thing. It's about as futile as arguing with an anti-vaxxer.
It's more complicated than that. When we started, a .pt domain was more expensive, slower to get and more restrictive than a .com.
Some things have improved, but it is also more complicated as .com.pt has been introduced since, there is not much interest. Even government institutions use a variety of .pt and .gov.pt.
You sense some influence of new ministers or bureaucrats who want to prove their existence by meddling.
I get somewhat worried by people who have decided that .com is too long, and want to register in .co
What is even more worrying is when I remind them that .co is the country domain for Colombia, and they are not too concerned, even when I remind them about their ongoing issues with marching powder.
Not really sure I want to have financial transactions with a website in .co!
"Seems like it is time for a revolution, you are overdue anyway."
If you are talking to us Yanks, we are civilized. We vote instead. Sometimes it kinda works. Sometimes we cock it up. But at least we can attempt to fix our mistakes in the next election.
If you are talking to the Brits, I suspect they are closer to that awful last result than we are.
again in 1688 for the "Glorious Revolution "
Paraphrasing Gibbon here (about the Holy Roman Empire): The Glorious Revolution was neither glorious nor a revolution - it was a (mostly) bloodless coup by a foreign king to take over England from the anointed (but unfortunately Catholic) monarch. Said foreign king happened to be married to said monarchs daughter but that was the extent of his claim to the throne (apart from the fact that he and said daughter were Protestant). It was directly followed by the law that no Catholic can inherit the throne (which is still in place)
It mde the populace fairly happy (no-one wants to be ruled by a Catholic right? Apart from the Catholics..) but they really didn't participate much (although quite a few nobles did).
It was as much a revolution as the whole Stephen/Matilda debacle but just with a much, much lower body count.
not exactly extortion, exactly bullying / blackmailing to avoid being defeated and humiliated in court and having to pay a sizeable fine for your incompetence. You surely didn't believe justice and fairness prevail in 21st century?
... which reminds me of a UK case a couple of days ago, when a bloke got jailed for "redecorating" an office front with a mini-digger because he didn't get paid and everybody around told him it's fine, what's your problem, have a sandwich...
No-one comments at all about the other 71% covered by water..
Or how about super man looking distinctly Caucasian and being fortunate enough to land in a majority Caucasian country (politics aside).
I mean seriously, Kal-El could have had the name 'Yang Lang' or some such...
Contracts with the Government are null ab initio. A valid contract requires intent by the parties and the intent to be bound by the contract. Since the Government cannot be bound in contract, contracts with the Government are a nullity.
"Since the Government cannot be bound in contract, contracts with the Government are a nullity."
Which jurisdiction are you referring to?
Not the UK (or NL, etc.) I presume - if you conclude a contract, say to provide IT services, with a government body here and they don't fulfil their part of the deal you can definitely take them to court.
"He who makes the law can break the law"
In the US, it is Congress who makes the law and USG is a distinct entity, very much subject to those laws.
They used to have a different system, with a King who could tell them to eat shit and that was the end of the discussion, except that it turned out that that wasn't the end of the discussion.
I suspect you can't sign away constitutional rights in the US either and in the context of other stories we have frequently been told that those rights are granted to "persons" and not just "citizens", but they might only apply to "resident persons" (which this UK company isn't) and would in any event require the hiring of a lawyer to actually enforce. Since you are effectively trying the stop the Homeland Security people from doing what they believe is their job, it might need to be quite an expensive lawyer.
> I suspect you can't sign away constitutional rights in the US either
No but there is few things the judicial branch in the US likes to do more than punting based on standing or jurisdiction. Worse case US government has pretty deep pockets (being able to write trillion dollar IOUs helps with that) so I wouldn't count on collecting any time soon either.
Actually, the GDPR applies to any non-domestic processing of personal data by any person or any organisation including governments. The only difference for government is that when we get fined for data breaches we pay and when government departments get fined for data breaches, we ultimately pay as well (out of taxation).
Mike 137 the article states that you cant offload your processing to an outside country, to prevent EU companies doing so to get round it. The article can only be enforced by territories that recognise it, the US doesn't. The only way it works is by fining the EU arms of US business.
That's why California tried to introduce similar legislation (which got watered down).
Down votes is a strong response, any of you down voters got a reference to the bit of the article which magically makes the GDPR globally applicable...? Was there a global reverse Brexit treaty that made us all one state...?
That's why California tried to introduce similar legislation (which got watered down).
It's quite a bit more complicated than that - the state of California was effectively forced to do so to avoid getting an even tougher set of laws that would have been harder to water down. For teh gory details see this Register story.
Presumably the victims here could go after their domain registrars who presumably are trading in the UK and therefore fall under GDPR? It'd be up to them to pursue either their own suppliers or the DHS.
I'm not seeing a reason why they shouldn't do this so I'm surprised at the number of negative comments.
So the biggest, fattest, orangeist kid in the playground decides one day that he wants to be the Police of All Things (TM), and sets about doing what he damn well pleases. What's yours is mine now. And you can only have it back when (and if) I say so. And to get it back, YOU have to write ME a letter saying you're very sorry and you promise not to tell the teacher.
In any sane world, that kid would get a reality check very quickly. But as we know, this isn't the real world....
I've been thinking vaguely around those lines in the last couple of years, given how things unfold. But then, even if you had a capacity, well, you could expect various types of pressure to be applied by some well-known state players, to drop this idea. And if gentle "please" doesn't make you see the light, the sanctions will. And having an alt-internet run within just your own country is kind of... not good enough. But yes, I'm waiting for an open source, cheap to run and use alternative internet... Yeah, right :(
"I mean, you could."
Ultimately the internet runs an a mutual agreement to trust a particular root service and sync all the mirrors to it. That implies that a mutual agreement to distrust it and trust one of the mirrors would be possible. If that were to happen the US would have the options, after all the shouting, of accepting it or cutting itself off from the rest of the world.
Civil forfeiture really took off in the '80s. Plenty of states only require "probable cause" to find some property or pile of money guilty and seize it. Getting stuff back requires proving beyond reasonable doubt that the seized items were not involved in a crime. The different standards of proof and 'guilty unless proven innocent' may sound a bit unfair and provoking abuse but remember the legal action is against things without any rights rather than against people who might still have some rights promised by the constitution.
In some states they can take any money you have in an account if there is no activity for three years
Wasn't that sort of thing a contributory cause for the colonial rebellion you guys had? Something about "unreasonable searches and seizures"?
Next they'll be quartering US Marines in your house..
I have to say that for a new venture I am working on the main domain was going to be a .com with a .eu and country TLDs as secondary.
I think I am now going to change that strategy to making the .com secondary. A .com is probably still the most common TLD people put after a brand name if they try to guess the domain. However, the thought of some US mouth breather taking our domain down just like that makes that a quite risky strategy. I may need to consider having the .com do a 301 to whatever non-American tld we want to make primary.
I guess if you add or drop a [d] or a few other variations, you could get a few dating site addresses. Nonsense addresses, but they would have the word "date" in them. Oh well, automation gone wrong, of fingers fell off the keyboard. Sad it was not audited before they trashed the place.
This is why Americans just should not have that power. Time to do something about those root servers.
Really... they get their property (domain that they registered and paid for) back only after jumping through American hoops and agreeing not to sue for damages? How generous of them. Again, typical American bullying.
Personally, I wouldn't have signed or jumped through the hoops. I would have made contact, once they asked me to sign, I'd say no and request they release it.
Simply because no crime was committed, and they have ceased property which is not involved in any illegal activities.
If they refused, I would calculate on a day by day basis of my lost earnings. I would publish their actions on reddit or other places where it can be noticed under the guise of "What should I do?" post with proof, in order to get the old "A foriegn government is hurting a small business" sympathy, submit that post anonymously to the reg, slashdot etc in media and put them in a bad light and let the news spread. And if all goes will, start legal proceedings for my lost income.
Wherher I win or lose? It doesn't matter it's the principal, I will not allow my self to be forced to sign documents.
They make their money by their main business, and whereas the website is probably nice to have, their email addresses are likely to be crucial.
Government has all the time in the world to let junior paper pushers deal with complaints and lawsuits, apart from taking attention off running their business they may run out of cash.
In that respect they made a fundamental mistake in not setting up a .uk domain so they could continue to use email. Get the business going again and argue back at leisure.
Easy to be wise after the event. I mean, why would you suspect that your dotcom site was going to be intercepted by some US government security outfit?
I would have thought that what's going on with Assange would suggest that you're not going to get anywhere like that. (...and then there's also the case of Chelsa Manning who's been in jail for about a year so far without being charged or convicted of a crime....just a technicality really).
The general rule is that you don't mess with Federal agencies because they have a lot of power and no accountability (especially if you're not a citizen and lack resources) and, unfortuantely, you can't rely on your own government to support you. Suck it up, learn your lesson and keep away.
"This is why Americans just should not have that power."
Americans don't have that power unless you register under one of the three-letter TLDs. If you use your own country-code TLD then they'd have to deal with your country's legal system. That's not impossible, but I haven't heard of it actually happening. I suspect that if this UK outfit registered under .uk then they'd be pretty safe from American mistakes.
Given that just about everyone *finds* stuff with a search engine, I'm surprised that businesses still believe that a ".com" actually matters. It doesn't. It just means that an important part of your business is outside your country's legal system.
Everyone seems to be assuming the US Government screwed up here.
While it's certainly possible, on the other side we have an advertising agency with a website that's likely to have been built using cat+paste from StackOverflow. Or a CMS from 10 years ago with no patches. Or someone actually doing something dubious if not downright illegal.
Source: have worked with advertising agencies in the past.
He said they had no intention of switching to a .uk domain ...
That would be a big mistake but then, seeing the direction things are going in the UK and what Brexit will bring on, it will probably end up not mattering much.
... hopes that lightning will not strike twice.
If it only were lightning, but it is not: it's US Homeland Security.
That case is one of the reasons we say the Law is an ass.
IMO, so-called "security forces" shooting guns at children throwing rocks is murder or attempted murder. This is true in Northern Ireland, Turkey, Syria, Ukraine, Iran, Iraq, Israel or the United States. Or anywhere else, for that matter.
And it does not alter what I wrote. You do, in fact, commit several crimes merely shooting across the border. Shooting at someone and fataly connecting are more crimes.
Meanwhile I applied for a PVG cert here in Scotland, filled in the form with all the info requested which I possessed and was informed they could find no trace of me. I have a passport, number supplied, NI #, ditto, registered to vote, pay council tax in my own name, own my own home. I have a Fb page and a LinkedIn account. The NHS knows about me. The council's info is out of date but I'm there.
It doesn't give me confirdence that they can actually look at enough stuff to check and clear someone.
Excuse me? Since the firm was innocent of all wrongdoing, the website should have been returned to it immediately.
Since, instead, Homeland Security retained control of it in order to secure a waiver of damages from the firm, the persons responsible for imposing that condition should face criminal charges of extortion. Pure and simple.
Biting the hand that feeds IT © 1998–2020