VeriSign requires more rights to control domain names
VeriSign company that supports first level domains .com, .net. and .name, which is one of 12 owners of root DNS servers, has asked ICANN for broader rights to monitor the use of domain names. In particular, the company seeks to block domains at the request of law enforcement agencies without following established legal procedures.
On Tuesday, VeriSign sent a request to the RSEP (Registry Services Evaluation Process). Contacting the RSEP is the primary mechanism registrars use to make major changes in their relationship with ICANN. The “Anti-Abuse Policy” document posted on the ICANN network explains the proposed changes ( see PDF ). If these proposals are accepted, the company will be able to refuse to register new domains, as well as block or revoke already registered without a court decision.
According to VeriSign itself, these changes are necessary for a more successful fight against phishing attacks and the spread of malware. According to the company, "Every member of the Internet community feels the need for more active measures to counteract the spread of malicious programs." VeriSign also makes a reference to ICANN, which has recently required applicants to register as the top-level domain operator for the Quick Disconnect Domain (URS) implementation. It should be noted that ICANN justified the need for such measures by entirely different reasons - the URS is designed to protect trademarks and the rights of their owners from cybersquatters in new domain zones ( see PDF ).
However, VeriSign is not limited to anti-malware. Moreover, this is far from the first point in the list of reasons proposed by the company for launching the procedure in question. The document proposes to use the procedure to quickly disable domains in the following cases:
')
In addition to blocking domains, VeriSign reports in a document about the planned launch of a site scanning service for the presence of malware. If the document is accepted, the registrars will be required to make changes to the agreements with users that will allow VeriSign to have access to the data “necessary for conducting such a check.” The service will be provided by default, but is optional and the registrar can unsubscribe from it. The final owner of the domain will not be able to make decisions on the use of this service and will be obliged to obey the policy of his registrar.
VeriSign stated that these procedures were coordinated with US law enforcement, security experts, the national cyber defense department of the US Department of Homeland Security and US registrars. VeriSign has also begun coordination with European law enforcement agencies and registrars.
Published documents caused quite a strong reaction. Aiden Fine, senior lawyer at the ACLU (American Civil Liberties Union), said in an interview with Ars Technica that the blocking procedure itself raises many questions, and if the disconnection will be made by order of government structures, then everything is much more serious and the First Amendment may be violated .
EFF (non-profit human rights organization) public relations director, Rebecca Jeske, claims that these changes are “an extremely bad idea” and refers to the sensational case of confiscation of a number of domains by the US Customs Police (also called the Internet police) It was a big question (some sites were recognized as legal and non-violating copyright by European courts, the 3rd level domain registrar moo.com was blocked and along with it 84.000 other sites), not Already that the site owners were not given any opportunity to protect themselves and their business.
Ordinary bloggers are much less politically correct in their statements and openly call such measures almost a conspiracy of "copywriting" and "Big Brother", accusing the US government of wanting to control the network with the hands of private corporations and creating tools to suppress protest sentiments.
As bloggers suggest, any sites that actually or allegedly violate copyright, for example thepiratebay, as well as sites that distribute information that can be removed by any government organization, can fall under the term “fan blackouts”. The latter, obviously, is wikileaks. For objectivity, it should be noted that the .org domain zone in which the above-mentioned sites are located, was withdrawn from the jurisdiction of VeriSign in 2003.
Related articles:
On Tuesday, VeriSign sent a request to the RSEP (Registry Services Evaluation Process). Contacting the RSEP is the primary mechanism registrars use to make major changes in their relationship with ICANN. The “Anti-Abuse Policy” document posted on the ICANN network explains the proposed changes ( see PDF ). If these proposals are accepted, the company will be able to refuse to register new domains, as well as block or revoke already registered without a court decision.
According to VeriSign itself, these changes are necessary for a more successful fight against phishing attacks and the spread of malware. According to the company, "Every member of the Internet community feels the need for more active measures to counteract the spread of malicious programs." VeriSign also makes a reference to ICANN, which has recently required applicants to register as the top-level domain operator for the Quick Disconnect Domain (URS) implementation. It should be noted that ICANN justified the need for such measures by entirely different reasons - the URS is designed to protect trademarks and the rights of their owners from cybersquatters in new domain zones ( see PDF ).
However, VeriSign is not limited to anti-malware. Moreover, this is far from the first point in the list of reasons proposed by the company for launching the procedure in question. The document proposes to use the procedure to quickly disable domains in the following cases:
')
- to protect the integrity and security of the DNS itself;
- by a court decision, by any request of official institutions (without a court decision) and for resolving any disputable situations;
- to prevent any lawsuits or legal proceedings against VeriSign and its partners;
- to prevent the spread of malware;
- to comply with specifications approved by any authoritative technical group related to the Internet (RFCs);
- to correct errors made by VeriSign or other registrars.
In addition to blocking domains, VeriSign reports in a document about the planned launch of a site scanning service for the presence of malware. If the document is accepted, the registrars will be required to make changes to the agreements with users that will allow VeriSign to have access to the data “necessary for conducting such a check.” The service will be provided by default, but is optional and the registrar can unsubscribe from it. The final owner of the domain will not be able to make decisions on the use of this service and will be obliged to obey the policy of his registrar.
VeriSign stated that these procedures were coordinated with US law enforcement, security experts, the national cyber defense department of the US Department of Homeland Security and US registrars. VeriSign has also begun coordination with European law enforcement agencies and registrars.
Published documents caused quite a strong reaction. Aiden Fine, senior lawyer at the ACLU (American Civil Liberties Union), said in an interview with Ars Technica that the blocking procedure itself raises many questions, and if the disconnection will be made by order of government structures, then everything is much more serious and the First Amendment may be violated .
EFF (non-profit human rights organization) public relations director, Rebecca Jeske, claims that these changes are “an extremely bad idea” and refers to the sensational case of confiscation of a number of domains by the US Customs Police (also called the Internet police) It was a big question (some sites were recognized as legal and non-violating copyright by European courts, the 3rd level domain registrar moo.com was blocked and along with it 84.000 other sites), not Already that the site owners were not given any opportunity to protect themselves and their business.
Ordinary bloggers are much less politically correct in their statements and openly call such measures almost a conspiracy of "copywriting" and "Big Brother", accusing the US government of wanting to control the network with the hands of private corporations and creating tools to suppress protest sentiments.
As bloggers suggest, any sites that actually or allegedly violate copyright, for example thepiratebay, as well as sites that distribute information that can be removed by any government organization, can fall under the term “fan blackouts”. The latter, obviously, is wikileaks. For objectivity, it should be noted that the .org domain zone in which the above-mentioned sites are located, was withdrawn from the jurisdiction of VeriSign in 2003.
Related articles:
Source: https://habr.com/ru/post/130488/
All Articles