Wikileaks: What would you do?

A NearlyFreeSpeech.NET member posted a clip of a news article about the Dynadot / Wikileaks situation in our member forum, asking what we would have done about it.

We have a powerful allergy to hypothetical questions. There are a lot of reasons for that, but the here are three of the best ones:

1) People asking us hypothetical questions often tend to leave inconvenient details out in an effort to get the answer they want. Example:

People often ask: “Will you shut my web site down if it gets complaints?”

People sometimes mean: “Will you shut my illegal warez site down if it gets DMCA complaints?”

Sometimes, people think that if they can get us to say that something is OK, or allowed, or that we would do something if something else happened, then later, when the inconvenient details come to light and something bad happens to them, that somehow being able to point back at an answer they conned out of someone will make a difference. That never works, but people still try.

2) Since they are so vague and are based on so many assumptions, hypothetical questions have a nasty habit of multiplying without bound as the various possibilities are explored. Even worse, they sometimes spiral toward ridiculousness.

Q. … OK, but what if secret agents from my country’s government break into your house and threaten at gunpoint to kill your family if you don’t give them my identity?
A. You’d read in the paper about “District attorney confirms no charges to be filed against homeowner in home invasion-related shooting deaths.”
Q. But what if they had machine guns and got the drop on you?
A. Uh, if that happens, l’d probably tell them.
Q. See, I knew your privacy policy was crap! Screw you! (Oops, that’s not a question.)

(The above is not an actual exchange, since we just don’t go down that road, but we’ve had a couple over the years that were definitely going that direction.)

3) Hypothetical questions often simply require information we don’t and can’t have. The classic and most frustrating example of this is: “Tell me specifically how much my site will cost to host with you.” Since our service is billed based on resource usage with no minimum, answering this question requires exact foreknowledge of future traffic to a site which we unfortunately do not possess.

“What would you have done?” is clearly a hypothetical question. But wait, there’s more.

We also try (not always successfully) to avoid criticizing other providers. I want to focus on what a great company we can be, and how we can be better. It takes up all my time just to do that. But if I woke up one morning and decided to go off on the competition, there are enough weasels, scoundrels, and asshats in this business that, if I started right after breakfast, I don’t think I’d get to Dynadot by the end of day one. I’m not sure I’d even heard of them before this incident.

So, if I correctly surmise that the member who asked doesn’t think Dynadot looks like the hero in this, weighing in with what we would have done in their place could easily be taken as exactly the sort of criticism of competitors that we try to shy away from.

Thus, after all that preamble, my answer has to be: I couldn’t say. We haven’t been in that particular situation and don’t know the specifics of what transpired between the various parties up to that point.

However, I did read all the material I could find on that matter, and what I can do is briefly go through the parts of the injunction, since it’s hard to get more specific than that, and offer what comments I can.

First off, it’s important to note that Dynadot appears to be the registrar for the wikileaks.org domain, but I don’t see any evidence that they were the host. That’s actually a very relevant distinction, as we’ll see.

1. Dynadot shall immediately lock the wikileaks.org domain name to prevent transfer of the domain name to a different domain registrar, and shall immediately disable the wikileaks.org domain name and account to prevent access to and any changes from being made to the domain name and account information, until further order of this Court.

Most of this is not that unusual. Courts like to freeze things right where they are while a dispute is in progress. It does say “and disable the wikileaks.org domain name.” They say this several times, and appear to mean something different each time. Here, I think it was supposed to refer to disabling access to the UI that controls the domain name.

2. Dynadot shall immediately disable the wikileaks.org domain name and account such that the optional privacy who-is service for the domain name and account remains turned off, until further order of this Court.

This seems odd to me. Dynadot is certainly capable of producing the identity of the registrant and/or domain contacts to the plaintiff in response to a subpoena. But how are imminent damages to the plaintiff mitigated by providing it to the general public?

3. Dynadot shall preserve a true and correct copy of both current and any and all prior or previous administrative and account records and data for the wikileaks.org domain name and account.

This one is pretty “duh.” If you’re a party in a lawsuit and the other side says “We need information XYZ” and later that night you shred XYZ, you’re in a lot of trouble.

4. Dynadot shall immediately clear and remove all DNS hosting records for the wikileaks.org domain name and prevent the domain name from resolving to the wikileaks.org website or any other website or server other than a blank park page, until further order of this Court.

This is the heart of the injunction. The plaintiff claims that allowing this material to remain available irreparably damages them. The judge agrees (as, apparently, does Dynadot if they stipulated to it).

I assume (without knowing for sure) that there was other content on the site besides the documents in question. Forcing it all offline seems like a disproportionate response. But Dynadot is the registrar, “all or nothing” is probably the only option they have. So if you accept that the registrar has some obligation to disable access to this material (and again, it appears that Dynadot accepts that, since they stipulated to this), disabling the domain name would be the only way for them to do that.

At first, I thought that DynaDot was the registrar and the host. Then, when I realized that DynaDot was just the registrar, here’s the scenario I constructed…

Suppose Wikileaks is hosted all over the place. Suppose they really don’t like you and are “disinclined to acquiesce to your request” to take down material. (Means “No.”) Suppose that every time you move in on their host in country X, they just flip the DNS at the registrar to a host in country Y. That registrar is the point that’s not moving while all this is going on (or could be going on, if you’re planning ahead). The people running the site are a small group of probably-not-rich people who could be anywhere, and probably are. Suddenly the registrar does look like the best target.

If you’re the plaintiff, trying to get the registrar to shut down the domain makes a lot of sense. You go to the registrar’s home district and try to get the judge there to order the name to be suspended. So if you’re the plaintiff, you’re likely pursuing your best legal strategy. But DynaDot stipulated to it. If you check your notes, they aren’t the plaintiff.

5. Dynadot shall immediately produce both current and any all prior or previous administrative and account records and data for the wikileaks.org domain name and account, including, but not limited to, all data for the registrant; billing, technical and administrative contacts; all account and payment records and associated data; and IP addresses and associated data used by any person, other than Dynadot, who accessed the account for the domain name, to the extent such information is maintained by Dynadot.

This goes past retaining the records to producing them. In a lawsuit, subpoenaing the opposing party to produce records you think will help your case (the discovery process) is very common and straightforward. Having the judge order production of the records is a lot less common; it usually only happens if they try to quash the subpoena and fail, or if they flat out refuse (at which point, if they don’t follow the judge’s order, they go to jail). I’m guessing that the records were already subpoenaed and this order is just codifying that, since Dynadot is being dropped as a party. That still seems unnecessary; just because they’re not a party doesn’t mean you can’t subpoena their records. But never underestimate lawyers’ fetish for pointless overkill.

In general, when you subpoena records to identify somebody, the person about to be identified has the opportunity to try to quash the subpoena. Some of the RIAA college cases are good examples of this. If I understand it correctly, one of Wikileaks’ complaints about the timeline was that this opportunity was not afforded to them. If that’s correct, it seems at face value like a reasonable complaint.

That’s it. #6 just gives DynaDot their get out of jail free card.

I haven’t seen the original complaint or the rest of the documents, so I don’t know what it is that DynaDot, as the domain registrar, is actually supposed to have done to merit being a party in the suit in the first place. Which brings me back to: why did they stipulate to this? I just don’t know, and that in itself is a darn good reason why the “what would you do?” question is unanswerable.

But the part I find the most confusing is that this is a permanent injunction. Wikileaks is still a party to the lawsuit, which hasn’t been decided. They could win the suit outright, but that won’t rescind this order. They’ll probably never get their domain back without separately appealing this order. With the information currently available to me, I’m inclined to hope they do. It looks like an overreach by the court. In fact, an appeal may be what DynaDot is hoping for; if the order is overturned, Wikileaks gets their domain back but DynaDot is still off of whatever hook they thought they were on.

While I can’t say what we would do, I can say what we have done. NearlyFreeSpeech.NET has never stipulated to a legal agreement revealing a member’s identity or terminating a member’s service for the purpose of escaping civil liability. We have no need to do that. We don’t really do anything ourselves but keep some equipment running in a particularly fancy way, and we have very broad legal protections in the United States that defend us from liability arising from the content of member sites. That only makes sense; we don’t edit, approve, censor, or review the content that appears on web sites members of our service create using the tools we provide. How could we possibly be responsible for it? That is our official position, and while it has produced a thick folder of would-be challengers over the years, none of them has ever prevailed. This protection is vital to our business’s survival; without it we simply could not exist. Whenever it comes up, we have absolutely no choice but to fight to the death to protect it, because if we lose it, we’ll be dead anyway. Don’t corner the wild animal!

I should clarify that our primary interest in defending such challenges is in protecting ourselves and our ability to continue to provide service to the rest of our members. If you do something on your site that gets you sued, you’re absolutely, positively on your own. We are a hosting company, not a free legal clinic; we aren’t going to defend you, and you may, in fact, wind up paying for part of our defense.

Similarly, if a court with jurisdiction over us orders your site shut down, we shut your site down. There are laws in this country, and we follow them. So you do not obtain, as some hope, magical special protections from the consequences of your actions merely by hosting with us. Free speech, Nearly or otherwise, is both a right and a responsibility.

What you do get, which I think is still quite remarkable, is some reasonable confidence that if you are hosted with us, no one will get to you simply by threatening us. Unless, hypothetically speaking, they are a gang of machine-gun toting foreign spies with a quiet step.*

So there you go. It’s not a “what would you do?” but I hope it gives some insight into our thought processes when we face these types of issues.

*It’s a joke, not a dare. Please, no automatic weapons.

5 Comments

RSS feed for comments on this post.

1. So, if I correctly surmise that the member who asked doesn’t think Dynadot looks like the hero in this, weighing in with what we would have done in their place could easily be taken as exactly the sort of criticism of competitors that we try to shy away from.

   You are reading more into my rhetorical question than I intended, which was to say, more or less “look at this, and comment, if you will”. That I don’t “think Dynadot looks like the hero in this” is true only if the negation is a logical one. It doesn’t follow that I think Dynadot is the villain in this, though I do have concerns about the stipulation.

   In fact, an appeal may be what DynaDot is hoping for; if the order is overturned, Wikileaks gets their domain back but DynaDot is still off of whatever hook they thought they were on.

   We’re not talking about a $100M domain here, and, wikileaks appears to have as many domains, registered in various countries and jurisdictions as it does hosting options. I don’t think it is the loss of the domain which is the issue here, but the disclosure of their personal records, which irreparably damages them.

   Your TACOS states “NearlyFreeSpeech.NET will handle Registration Information will in accordance with a published privacy policy (“Privacy Policy”)”. The Privacy Policy says “We will not disclose your personally identifiable information to any third party without your prior consent unless legally compelled to do so.” “legally compelled” probably means “ordered by a court”. The Wikileak case exposes a loophole: what’s to stop you from stipulating to the court order? Saying that you’ve never done so in the past is beside the point. The loophole exists. And if you get sued over a member’s website, there will be an incentive to use it.

   Similarly, if a court with jurisdiction over us orders your site shut down, we shut your site down.

   I would not expect anything else. Life tends to get very unpleasant for people who ignore court orders.

   Comment by Daran — February 21, 2008 #

2. Wikileaks offline, then backs off

   But hours later the court amended the order, removing the requirement to disable the entire WikiLeaks domain but ordering that all JB documents be removed from all servers. This new order is a temporary restraining order, where the first order was a permanent injunction. Both orders were issued after an ex parte hearing, to which WikiLeaks says it received only hours notice.

   Comment by Daran — February 21, 2008 #

3. As far as a “loophole,” if you believe your privacy is protected by some words on a web page that could be changed at any time for any reason to say completely the opposite, you are kidding yourself.

   The only protection you have is that the people who wrote those words care about your privacy and will fight for it to the best of their ability.

   Ultimately, a lot of our service comes down to trust, in both directions, that people are going to do the right thing. Web hosts have a dizzying array of opportunities to screw their customers. If you don’t feel you can trust yours to do the right thing, under pressure or otherwise, you should select one you’re more comfortable with.

   On the amended order, it cures a lot of the defects and I’m glad it was done, but the domain remains inactive with the registrant’s contact informations exposed at the time I’m writing this, and it’s nearly a week since this all went down. So some nice-sounding words didn’t help that guy one bit.

   -jdw

   Comment by jdw — February 21, 2008 #

4. Think this is bad, network solutions pulled a page down while it “investigated” whether or not it was in violation of its AUP.

   see:
   http://blog.washingtonpost.com/securityfix/2008/03/networksolutions_precensors_an.html?nav=rss_blog

   Comment by Ben — March 24, 2008 #

5. A very well-written essay. 🙂

   I’ve not been paying too much attention to this affair, but agree from what I’ve read that the judge seemed at least a bit clueless, and the people at the registrar perhaps purposefully disingenuous.

   Naturally, for what it’s worth, when I first learned of it, the very first thing I did was read a few of the documents, hosted at a mirror. They were boring, no matter what may have been the legal implications for others. I didn’t even bother to keep copies. I’m sure though that copies will now be floating around in torrents and on other mirrors for years. Lawyers for big corporations never learn.

   Comment by Bumpy Light — April 5, 2008 #

Sorry, the comment form is closed at this time.