In the US, the Treasury Department and Homeland Security make a practice of ordering registrars and service providers (ISPs) to take down internet domains. For examples of this see this story in the NY Times about British websites that were taken down because of a connection with Cuba, and this trenchant criticism of the seizure of music websites suspected (wrongly in some cases) of illegal filesharing.
They issue these orders without any sort of judicial oversight, and the registrars and ISPs comply without argument. Despite criticism in the press and online these agencies seem determined to carry on this policy despite the potential for First Amendment infringements. In the case of the British websites run using .com domains there was no US commercial or legal interest at all, simply a political one.
What you will not have read about is that this is also happening to .uk domains. According to Nominet [PDF], the registrar responsible for the .UK top-level domain, they and other registrars have already taken down over 1,200 .uk domain names at the request of law enforcement agencies. Again with no judicial oversight or any right of appeal or any other safeguard.
But the Serious and Organised Crime Agency (SOCA) are not satisfied with this level of cooperation. They now want Nominet to be obliged to take down any domain whenever they say so. They have asked Nominet to agree contractually to take down any domain that a UK Law Enforcement Agency says is suspected of criminal activity.
They do not propose any requirement to
- Get a court order before issuing a take-down
- Have an appeal process for wrongly-issued take-down orders
- Explain why they want the domain taken down
Compare this with other things they might want to do to prevent criminal activity. Could they do any of the following without a court order?
- Freeze a bank account?
- Withdraw a license to operate?
- Turn off a utility such as a phone line?
- Close down physical premises such as a shop?
I am not a lawyer - please let me know if there is a UK Law Enforcement Agency that can do any of these things by fiat.
But an internet business is different, apparently. SOCA want to be able to close down any business that depends on the internet, pending investigation. For many companies this is in effect giving the police (or any of the shadowy agencies run by the private company ACPO) the right to put them out of business.
But, say SOCA, we only want to do this when there is reasonable suspicion of criminal activity. Maybe in their minds this is how it will work, but most people have heard of examples of powers being used either incompetently (see the Homeland Security domain seizures I mentioned before) or cynically to achieve unintended consequences. Legislation passed in times of crisis has a habit of staying on the statute books if it gives the government a useful control tool (Alcohol licensing laws, anti-terrorism legislation, etc.). Once SOCA have the power to take down domains then individual officers will use it for whatever purpose they see fit. This will lead to some mistakes and a few wrong-headed decisions, inevitably. It’s clear that checks and balances are required if we are to give this much power to any agency.
The current government is planning to review the Human Rights Act 1998, which implemented the European Convention on Human Rights, but something like Article 10 will survive. A right to free expression enshrined in UK law and centuries of legal precedent should not be handed over to an unelected agency without robust mechanisms to ensure that injustice is not done.
Nominet are asking for comments before they discuss this request from SOCA. If you have any comments on this issue please email policy@nominet.org.uk, and include the title, “Dealing with domain names used in connection with criminal activity” in the subject line. Please note: your comments will be fed into the Issue Group and may be referenced.