That does not reflect well on those people.

We’ve received quite a few emails (and signups) from them in the past week or so. They appear to believe that “free speech” means they can say whatever they want without repercussions. (It does not.) They expect us to agree with them about that. (We do not.) And they believe they’re entitled to our reassurance and, in some cases, assistance. (They are not.)

We have zero time and even less energy to waste on such nonsense. It is also difficult to express the full magnitude of our disinterest in passing some Internet Randolorian’s “free speech” litmus test. So we close all such inquiries without responding.

But I do want to make some things crystal clear.

First, we’ve been in the free speech business for nearly 20 years. We are experts at this. (We are capable of seeing through even sophisticated arguments like: “I said it. Therefore, it’s speech. Free speech is speech. Therefore what I said is free speech!”) So if getting your content online depends on your web host misunderstanding what free speech is, please save yourself some time; we’re not the right service for you.

Second, yes, hosting illegal content on our system will get you kicked off. You won’t get a refund. But it does not end there. There’s a school of thought that we can’t possibly be a “real” free speech host if we ever cooperate with the authorities. We didn’t go to that school. If you abuse our service to break the law, we will not only cooperate, we will turn you in ourselves.

When we cooperate with law enforcement, we do not do so blindly. We review their activities, both for abuse of power and to make sure proper processes are followed to protect our members’ rights. Such things are vanishingly rare, not (as they are sometimes depicted) the default. So if you’re expecting that we will automatically say, “Shove it, coppah!” anytime the police come calling about your site, we’re not the right service for you.

Finally, if you’re a racist, we’re not on your side. We are not your allies. We are not sympathizers. The “Free Speech” in our company name is not a secret dog whistle to you. We believe that America accomplished what it has despite the hatred and bigotry that has always plagued us, not because of it. We believe diversity is America’s spicy secret sauce, which we love. And we have no interest in living in a sea of mayonnaise. We do not want you to host your garbage here. We will not lift one finger to help you do that. We will kick you off the instant you give us a reason. We’re not the right service for you.

This bill is, as the name implies, ostensibly intended to fight sex trafficking. Sex trafficking is awful, and should be fought. But a lot of sex trafficking experts think that this bill won’t have that effect. That it will actually make things much worse for sex workers. For example, those sex trafficking victims that are supposed to be protected may suddenly find it illegal to talk about their experiences. Whoops.

(Yes, that’s a Jezebel link. If they don’t match your politics, fair enough, try Reason. Pretty much nobody on any side thinks this is a good idea, except a handful of underinformed celebrities. This is not a right-left issue.)

That’s probably reason enough not to pass it, or at least to go back and take another look. But that’s not the end of the story.

An amendment slipped into the bill also proposes to override section 230 of the Communications Decency Act. Without overstating the case in any way, CDA 230 is the reason small companies like ours can exist. It protects us from liability for the actions and content of our customers. That means if you don’t like what one of our customers has to say, you can’t sue us about it. The First Amendment is great, and we love it, but in everyday practice, CDA 230 is what keeps rich people and companies from filing nuisance lawsuits to force us to either censor our customers at their behest or drown in legal fees. They know that, and they hate it.

As the EFF has pointed out, if this protection is weakened, pretty soon the small voices will be silenced. Not because what they have to say is illegal, but simply because it might be. Fear of liability will force providers like us to either moderate all the content that appears on our service — massively Orwellian and expensive — or simply proactively disallow anything that might possibly create liability. Or just shut down and leave the Internet to the likes of Facebook.

In that climate, the only people who will be able to have websites will be people who can afford teams of lawyers and people who only say things so boring that they don’t run any risk of creating liability. Remember when mass communication consisted of three broadcast TV channels and everything said on them had to be approved by the channel’s “Standards & Practices” department, which censored much more than any law required them to because that was cheaper than fighting? Do you miss those days?

If you’re not that worried about us, that’s fine. Here’s why you should still care. Does your website have a forum? Does your blog allow comments? Do you have a feedback form? A wiki? Could someone post spam anywhere on your site offering sex for money? If so, enjoy your ten years in Federal prison. (And yes, we’ve seen several cases where people engaging in illegal activity find unmonitored corners of sites that allow user-contributed content and use them to communicate. We act to shut that down when we find out about it, but we’re strongly against sending the operators of those sites — or us — to prison for “facilitating” those communications.)

This sort of crackdown on online communication has been attempted several times in the past, usually around intellectual property. (Remember SOPA, PIPA, etc.?) But intellectual property owners, despite being good lobbyists, aren’t very sympathetic public figures. Sex trafficking victims are.

That is definitely reason enough not to pass it. But that’s still not the end of the story.

If you live in the United States and you ever took even a high-school level civics class, you probably ran across the concept of an ex post facto law. This refers to a situation where, if I’m in government and you do something legal that I don’t like, I make a law against it, I make that law retroactive, and then I use it to prosecute you for what you already did. That’s not how law works, and it’s not allowed.

But FOSTA contains this little tidbit:

(b) EFFECTIVE DATE.—The amendments made by this section shall take effect on the date of the enactment of this Act, and the amendment made by subsection (a) shall apply regardless of whether the conduct alleged occurred, or is alleged to have occurred, before, on, or after such date of enactment.

Whoops. I guess Mrs. Mimi Walters of California (the author of the text above) skipped civics class. To be fair to Mrs. Walters, the US Constitution is very vague on this point, and the language is convoluted and hard to follow. (“No Bill of Attainder or ex post facto Law shall be passed.” – Article 1, Section 9)

That’s not the only problem, nor is it only my opinion. The US Department of Justice agrees, raising “serious constitutional concern” about the ex post facto nature of the law and states that the is broader than necessary (meaning it criminalizes not only more than it needs to, but also more than the authors think it does). They are also concerned that despite making so much stuff illegal, this bill makes it harder to prosecute the actual sex traffickers.

When the Department of Justice tells you you’re making too much stuff illegal, obviously you take a step back and fix things… unless you’re the US House of Representatives.
In that case, you pass it as-is 388-25.

That’s right, the US House passed a bill that, our own liability concerns aside, makes it harder to prosecute sex traffickers, but criminalizes people speaking out against sex trafficking, including former victims. What the hell? Do sex traffickers suddenly have really good lobbyists?

The bill has now moved on to the US Senate. Internet superhero Senator Ron Wyden of Oregon is doing his best to save us all once again, as he has done so many times before. But he needs our help. If you’re in the US, please call or email your senators today and urge them to send FOSTA back to the drawing board in favor of something Constitutional, limited, and effective. FOSTA is none of those things.

This post is extremely long and detailed and is on quite a dense subject. Here is the short version.

Trouble is brewing.

ICANN, the body that has a monopoly on domain registrations, is now planning to attempt to take over domain privacy providers (like RespectMyPrivacy) as well. Driven in no small part by the people who brought you SOPA, they have a three-step plan:

1. They will introduce a new accreditation program for domain privacy providers, complete with fees and compliance headaches. (Meaning higher costs for you.)
2. As a condition of accreditation, require domain privacy providers to adopt privacy-eviscerating policies that mandate disclosure and, in some cases, publication of your private information based on very low standards.
3. They will require ICANN-accredited domain registrars (i.e. all domain registrars) to refuse to accept registrations that use a non-accredited domain privacy provider, thus driving any privacy provider that actually plans to provide privacy right out of business.

Here are some of the great ideas they’re considering:

• Barring privacy providers from requiring a court order, warrant, or subpoena before turning over your data.
• A policy based on the “don’t ask questions, just do it” model of the DMCA. Except that with the DMCA your site can be put back after an error or bogus request; your privacy can never be put back.
• Requiring privacy providers to honor law enforcement requests to turn information over secretly, even when under no legal obligation to do so.
• Outright banning the use of privacy services for any domain for which any site in that domain involves e-commerce.

If this happens, domain privacy will become little more than a fig leaf. Your private information will be available to anyone who can write a convincing-looking letter, and you may or may not be able to find out that it was disclosed.

The whole proposal is a giant pile of BS that does nothing but service ICANN’s friends in governments and intellectual property (think RIAA/MPAA) at the expense of anyone who’s ever set up a web site and thought that maybe it would be good if their detractors didn’t have their home address. But as much as some at ICANN want to, they can’t just scrap privacy services. ICANN’s members are domain registrars and they make a lot of money from it. So this is the compromise: providers can still sell privacy, it just won’t actually do any good, and when they hand over your info, if they tell you about it at all, they’ll blame ICANN and say their hands are tied by the policies they have to follow.

If you think maybe paying a lot more for a lot less privacy isn’t such a great idea, ICANN is accepting public comment on this subject until July 7th, 2015. You can email them at comments-ppsai-initial-05may15@icann.org or fill out their online template if you prefer.

If you do feel like submitting a comment on this, I encourage you to read this whole post (and, if you have time, the working group report). The more informed you are, the more effective your comments will be.


The full story

If you’ve never heard of ICANN, you could perhaps be forgiven for that. The Internet Corporation for Assigned Names and Numbers (ICANN) is the behind-the-scenes non-governmental organization that runs Internet domain registration.

If you are familiar with them, it may be thanks to some of their greatest hits:

• ICANN is the organization that granted Verisign a(n effectively) perpetual monopoly over .com and .net, complete with provisions for automatic regular price increases without any sort of oversight or justification.
• ICANN is the reason why we have to hassle you repeatedly when your domain expires, even if you tell us in no uncertain terms that you want it to expire.
• ICANN is behind the policy that requires your domains to be suspended if you don’t respond to email verifications that have ICANN-mandated text that frequently trips spam filters.
• ICANN is a “non-profit” that is massively profitable. The fees they charge (which are ultimately borne by you the domain registrant) are so far in excess of what they need to operate that as of the end of 2013, they had $168M in cash on hand.
• It’s ICANN that requires that when you register a domain, you make your full name, address, telephone number, and email address available in the public whois database, helping to make sure that anyone who might object, stalkers, creepers, criminals, mentally unbalanced people, big corporations or anyone else to find, harass, and possibly murder you.

ICANN is sad

For several years, something has been bothering ICANN. They’re worried that their treasured public whois database isn’t “effective” enough. (Some of us strongly feel that the public whois database is a menace and should not exist at all, but ICANN is not at home to that point of view.) Part of the effectiveness problem, they posit, stems from inaccurate information. And they’ve tried to address that with programs like WAPS (the “whois accuracy program specification” that leads to your domain being suspended for not clicking a link in a spammy-looking email).

But the real “problem” with the “effectiveness” of the public whois database is the proliferation of privacy and proxy contact services (like RespectMyPrivacy). These services allow you to outsource the service of making it possible to contact you by receiving mail, telephone calls, email, and faxes on your behalf and forwarding them to you. This is an invaluable service for anyone who may want to register a domain name but doesn’t have a (required) phone number. Or anyone who doesn’t want to put their home address on their blog about abuses by their local police department. Or anyone who doesn’t have a corporate legal department to hide behind, in an era when death threats, rape threats, and tricking SWAT into raiding people’s houses, all as retaliation for what people say online, are everyday occurrences.

So ICANN is looking to put a stop to that.

Their planned method of doing so is to introduce a new accreditation program for privacy and proxy providers, complete with fees, compliance requirements, and strict guidelines on how they can operate, and then to require accredited domain registrars to refuse any registration that uses a non-accredited privacy or proxy service.

That is, itself, a disturbing abuse of their monopoly position in the domain registration market to gain control of a related industry. Where does that end? How long before your ICANN-accredited domain registrar must refuse any registration that uses a non-accredited web host? How long before your ICANN-accredited web host requires you to use an ICANN-accredited payment processor? Or an ICANN-accredited blog software vendor? (Some large hosting/domain companies would just love the ability to dictate what providers you use for every aspect of your online presence.) If you’re a tech-head, and this sounds familiar, it may be because Microsoft was sued by the DoJ for using their Windows monopoly to force Internet Explorer on the world. However, the DoJ will not be our friend here as there are few things they despise more than online privacy.

They claim this is to protect registrants, but their actions do not bear this out. This is the initial report of their working group, and here are some of the ways they want to “protect” registrants:

• “Domains used for online financial transactions for commercial purpose should be ineligible for privacy and proxy registrations.” (Yeah, your home-based business? Sorry about that.)
• The working group is still debating whether accredited proxy providers would be required to comply with law enforcement requests not to tell a registrant about an inquiry, even and expressly in the absence of any legal requirement to do so. (Thankfully we live in a world where abuse of investigative powers by government agencies never happens. Oh, hang on a second…)
• Requiring a court order to release information to someone who asks for it is specifically called out as prohibited. I.e. an accredited privacy or proxy provider would be required to have a policy allowing disclosure of your private information based solely on “well it sounds like they have a good reason.” (Copyright and trademark issues have been specifically called out as nigh-unchallengeable examples of “a good reason.” Criticize a big company by name? “Trademark!” They get your info.)

Having read the entire 98 page working group report, it sounds like their goal is to adopt “don’t ask, don’t tell” as a policy; you can keep your information private as long as no one asks for it.

Much of the proposed policy is misguided on a technical level as well. There are many areas where the privacy and proxy provider would be required to take actions that such a provider can typically only do if they are also your domain registrar. Actions like publishing something in the whois database entry for your domain — like your contact information, often without your consent and possibly without telling you first. Only your registrar can do that. It could well be that independent companies (like RespectMyPrivacy) that exist only to protect your privacy will no longer be allowed to exist. Only “captive” services — those run by the registrars themselves — will be able to meet the proposed requirements. And I’m sure no one reading this has ever had a problem with one of those.

There are also huge issues the working group hasn’t considered at all, like correlation. What if Jane Smith has an online business and a blog? Even if her blog is “allowed” to have a private registration, her business may not be. (I say “allowed” because the nerve of a group of self-appointed people deciding who deserves privacy and who doesn’t galls me. Like speech, privacy is an inalienable right.) If someone doesn’t like the content of her blog, do we think they won’t look at her business domain to get her home address just because it’s unrelated? That’s pretty farfetched. Correlating details from multiple unrelated sources, and lying to get them are standard practice for Internet harassers and “doxxers.”

But, really, ICANN as an international organization tasked with managing domain names, should not be sticking its nose into issues related to the content. Which is ultimately what this is about. What determines if your domain will be eligible for privacy services? It’s content. What determines if your info will be revealed to anyone who asks? Your content. This is a massive effort by the “if you have nothing to hide, you have nothing to fear” crowd to undermine anonymous online speech.

Why are we telling you about this? Because right now the working group is soliciting public comment. You have the opportunity to make your voice heard. (Although given ICANN’s past disregard for the registrant constituency it supposedly serves, I won’t pretend that I’m expecting miracles. That doesn’t mean you shouldn’t do it. This isn’t a situation where we expect to tell them and for them to listen, this is a situation where we feel it will be important later to be able to say “we told you and you didn’t listen.”

What do we think about this?

There are real issues with privacy and proxy services. There’s a lot of trust there, as it is almost always possible for such a provider to hijack your domain if they decide they want it. So there is real potential for abuse, and some oversight really could help keep the industry clear of unethical providers. There are also some services that are really inadequate, like the registrar-affiliated ones that (in violation of already-existing registrar rules) plaster “POSTAL MAIL DISCARDED” in the address field.

Along that line, the working does have some good ideas for policies that privacy and proxy services not interested in screwing their customers would have. And anytime a good idea comes up, it doesn’t matter the source, so it’s certainly given some food for thought for how to improve things. But RespectMyPrivacy doesn’t need to be forced to improve things for its customers; that’s its job. So whatever good ideas do come out of this process, we’ll take ’em.

However, ICANN has demonstrated again and again that they prioritize the concerns of their executives, law enforcement agencies, intellectual property holders, registries and registrars; registrants are dead last by a wide margin. They are not an organization that most people would trust to look out for the best interests of registrants. We certainly wouldn’t.

If ICANN wants to develop an accreditation program for privacy and proxy providers, even if that’s nowhere in their official mission, they should feel free to do so. If they developed a good one, RespectMyPrivacy would do it. This isn’t a good one.

But even if they do develop an accreditation program for privacy and proxy providers, ICANN absolutely must not require accredited domain registrars to refuse to accept registrations that use privacy and proxy services not accredited by ICANN. That its morally bankrupt to do so really ought to be enough, but it’s also illegal. Their accredited privacy and proxy providers must succeed or fail on their own, not be handed success by banning everything else.

What to do?

The working group is soliciting feedback from the public on these issues, among others:

• Should registrants of domain names associated with commercial activities and which are used for online financial transactions be prohibited from using, or continuing to use, privacy and proxy services?
• If they do prohibit privacy and proxy services for domains that perform either “commercial” or “transactional” activities, should they define “commercial” or “transactional?” (No, I am not making this up.)
• Should it be mandatory for accredited P/P providers to comply with express LEA requests not to notify a customer?
• Should there be mandatory Publication for certain types of activity e.g. malware/viruses or violation of terms of service relating to illegal activity? (In this context, “Publication” means canceling the privacy service and posting all details in the public whois database.)
• Should a similar framework and/or considerations apply to requests made by third parties other than LEA and intellectual property rights-holders?

You can send your thoughts on these matters or on other aspects of the proposal to comments-ppsai-initial-05may15@icann.org by July 7, 2015. You may also fill out their online template if you prefer.

Please take a few minutes to tell the working group that you value your online privacy and that you oppose any proposal that will make it easier for large, powerful organizations and dangerous individuals to get at their critics. Tell them that policies that require providers to have low standards for disclosure of personal information harm that privacy. And please remind them that imposing requirements on privacy and proxy providers that are really the province of domain registrars will only create a broken, unworkable system that creates more problems than it purports to solve.

]]> https://blog.nearlyfreespeech.net/2015/06/27/icanns-assault-on-personal-and-small-business-privacy/feed/ 17 https://blog.nearlyfreespeech.net/2012/10/06/official-uk-government-attempt-at-censorship/ https://blog.nearlyfreespeech.net/2012/10/06/official-uk-government-attempt-at-censorship/#comments Sat, 06 Oct 2012 03:49:58 +0000 http://blog.nearlyfreespeech.net/?p=279 Free speech is a funny thing. A lot of people are for it, as long as it’s for them. An awful lot of people lose interest in principles when someone says something they don’t like. And lots of people who say stuff use NearlyFreeSpeech.NET to do it. So it’s not in any way unusual for us to get complaints, or random demands to remove a web site. Some small fraction escalates to a sternly-worded letter from a lawyer containing such toothy admonitions as, “If you do not immediately comply and confirm to me that you have done so, I will be forced to advise my client to instruct me write to you again.” It rarely goes beyond that, because at the same time they’re writing to us, the good lawyers are explaining to their client that web hosts have federal immunity against that type of lawsuit. Some few do go ahead and threaten to sue us, either because they don’t know better or they figure maybe we don’t.

Some time ago, we received a couple of emails from a private solicitor in the UK. UK lawyers are always more fun because the laws are so different there. (See also “libel tourism.”) They don’t threaten to write another letter. They threaten to sue you for eleventy billion dollars and the kitchen sink if you don’t remove whatever-it-is and take out a full page ad apologizing in the London Times in the next twenty minutes.

But sadly these emails weren’t one of those. They included a copy of a UK injunction mandating the removal of information from a web site that was not hosted with us. The solicitor claimed that a copy of the site had been set up on our service, and insisted that the injunction applied to it as well.

The site in question is about a controversial UK government program, and allegedly — I haven’t seen it — contains contact information for government officials overseeing the program along with the exhortation to contact them to express opposition to the program.

The injunction, in turn, is truly breathtaking in scope. It bars “unknown persons” (i.e. everyone) from publishing the names and official work contact information for those officials. It bans posting instructions on how to find that information. It bans doing these things “anywhere in the world.” It warns that anyone (anywhere in the world) who does this or helps in any fashion will face fines and prison. And, perhaps the most disturbing part, it was issued after hearing only the government’s side. Nobody was present to represent the rest of the world (sounds like a great reason to name “unknown persons” as a defendant to me).

The scope and ex parte nature of the order really concerned us. Fortunately, the usual course of action is for the person who wants a foreign court order enforced in the US to bring it to the relevant US court and go through a process called domestication. That process allows a US court to review the order in the context of US law and, importantly, allows us to weigh in on whether an order ought to be enforceable on us. That hadn’t been done. So we let the solicitor know clearly and politely that domesticating the order in a court with jurisdiction over us would be the appropriate next step. The solicitor nonetheless persisted until we let him know that we did not have the resources to engage in ongoing debate about a matter which, in the absence of domestication, was purely academic. End of story? Not quite.

Today, we received a first for us, a letter from the actual UK Treasury Solicitor’s office, the branch of the UK government charged with suing people on behalf of the rest of the UK government. It largely mirrors the private solicitor’s letter, and was much like most other complaints we receive. Much like most other complaints, they demand that we remove the content they don’t like. Much like most other complaints, they offer a bunch of (generally poor) reasons why we should/must do what they want. Like the first solicitor’s letter, they included a copy of the injunction. Like the first solicitor, they have not made any effort that we are aware of to domesticate it with a court that has jurisdiction over us. What’s different about it is this paragraph, toward the end:

“However, should you choose not to assist us in this matter, we reserve the right to seek an enforcement order. This may result in significant costs, which Defra would seek to recover from you. We note from other correspondence which we have seen that you have ‘limited resources’ and we do not favour this action, given that it may put the very future of your organisation at risk.”

The official lawyers for the UK government are basically saying on official letterhead (even their own filename contains “Letterhead”), “Hey, we heard you’re small. Well, we’re the world’s 6th largest economy, so we can put you out of business with legal bills if you don’t play ball.” Now, it’s not super-unusual to see a lawyer say something menacing about how if they win, you’ll have to pay their legal fees — even though that’s often not true in the US. What’s different here is that they dropped “if we win” and added “we will ruin you.” Stating that if someone doesn’t cooperate, your strategy will be to run up enough legal bills to put them out of business whether you win or not is a little different. It’s the sort of thing you expect to hear from the smarmy thug lawyer for the big bad corporation in a formulaic TV legal drama. We don’t generally see it in the real world from the legal representatives of a developed country.

Fortunately, they heard wrong. Our excellent legal team is ready, willing, and able to vigorously defend us should the need arise.

So, the story so far is that we asked to have the proper legal process followed, and the UK’s lawyers threatened to destroy us. Despite this, we are refusing to censor our member’s site. We steadfastly believe we are under no legal obligation to do so, that we will prevail in any US legal action that arises from this matter, and that any attempt by the UK government to spend us into oblivion will fail. More news as it happens.

The original injunction, the Treasury Solicitor’s letter, and our response to them are linked below. The letter does identify the site and in accordance with our Privacy Policy, the member’s permission to post it was obtained. We have redacted names and email addresses from the injunction.

Injunction

UK Treasury Solicitor Letter

NearlyFreeSpeech.NET Response

]]> https://blog.nearlyfreespeech.net/2012/10/06/official-uk-government-attempt-at-censorship/feed/ 40 https://blog.nearlyfreespeech.net/2011/12/24/welcome-sopa-refugees/ https://blog.nearlyfreespeech.net/2011/12/24/welcome-sopa-refugees/#comments Sat, 24 Dec 2011 07:47:41 +0000 http://blog.nearlyfreespeech.net/?p=250 We have seen a massive surge in signups (something like 15x usual) over the past couple of days and I think most people can figure out why.

Welcome to all of the people voting against SOPA. (If corporations are people, and money is speech, I think that means spending is voting. I may be hazy on the details.)

Since it shot straight to the top of the “frequently asked questions” list: yes, we oppose SOPA.

However, we have been a lot more calm about it than most people might think. Here’s a forum post from about it from December 15th:

SOPA doesn’t really change anything vis-a-vis us. It’s more directed at retaliating against sites hosted outside the US’s traditional jurisdiction by messing with their DNS and payment mechanisms.

SOPA is a bad law, poorly written, that should not (and probably will not) see the light of day. Like all laws of its type it will be susceptible to abuse (see also PATRIOT act, DMCA). But I think its critics are doing the world a disservice by overstating both the chance and imminence that it will pass and the scope of it. “Death of the Internet predicted” is a meme with its roots in antiquity at this point, and the Internet is still here. Dumb laws threatening the Internet get proposed every year.

In this case, it’s hard to get too excited, because the guy behind this bill (who is bought and paid for by Hollywood despite being from Texas) may be dead set on getting it through the house, but Ron Wyden is dead set on killing it in the Senate. One guy can’t force something through the House. One guy can stop a bill in the Senate.

If you’re in the US, by all means, contact your Congresscritter and tell them SOPA is a bad law that puts too much power in the hands of self-interested copyright holders, giving them every incentive to overreach and shifts the consequences for doing so unfairly onto the victims of mistakes and misuse. Tell them to bury it.

My impression is that certain groups are using this to panic people to raise money, and I don’t like that at all. Don’t give into the panic. Read the bill yourself. Follow its progress. Express your opinion to your elected officials in a way that shows you’re speaking from knowledge not some scare campaign. Then relax. (For now.)

Although I hear from the most recent signup messages that changing stance on SOPA is now all the rage, we’re going to stand by our previous position. SOPA sucks, it’s a bad law that will almost certainly not get passed, and the right course of action continues to be to calmly monitor developments and take thoughtful, judicious action where appropriate to make sure it doesn’t stage a comeback on us. In my opinion, getting tabled in the House until after the break is a signal that SOPA’s chances are weaker than ever. However, there probably will be another opportunity to keep a boot on its neck in the spring if Lamar Smith (R-Hollywood) decides to revive it and see if people have stopped paying attention.

That’s why we’re staying very calm about it. It’s important not to let all the opposition burn too hot and fast now. Even after it finally dies in 2012, it (or something like it) will be introduced in 2013. When they wear down the opposition, they’ll pass something.

There does seem to be a current of “sign up with us to show your support for SOPA!” marketing going on. I can’t really get behind that either. If you want to change away from a provider that does support SOPA, by all means, please do. But please don’t sign up with us for any reason other than “I want pay-as-you-go do-it-yourself web services from people who care!” I mean, sure, we are recurring monthly supporters of the EFF, and they’re leading the way on responsible opposition to SOPA, so if you squint it sort of looks like signing up with us helps fight SOPA. But we do that anyway, and we won’t pretend it’s not in our best interests to do so. If you want to show your opposition to SOPA, by all means, sign up, but also consider joining us in donating to the EFF. They’re doing an excellent job with it and the many other issues going on right now that mustn’t fall through the cracks.

If you want to do more, and you’re from the US, find your Congresscritter and tell them (calmly and rationally) why it’s important. I don’t mean mail/fax/email, I mean show up. They’re up for election next year. They’ll be out and about. Show them you care enough to be there, and that you’re watching them. (And, of course, be calm, friendly, and very well informed.)

Please also keep in mind that the giant print at the top of our home page says “We Host Web Sites” not “We Sell Domains.” We are first and foremost a web host, and our domain registration is designed to meet the needs of our web hosting customers. We do not have domain registration feature parity with Go Daddy or any other full-service registrar. We would love to provide domain registration service to you, even if you don’t host sites with us, but please review our services and make sure we offer what you need.

Thanks everyone!

PS: Also, in case it is relevant: I do own guns. I do not shoot elephants.

]]> https://blog.nearlyfreespeech.net/2011/12/24/welcome-sopa-refugees/feed/ 14 https://blog.nearlyfreespeech.net/2008/02/21/wikileaks-what-would-you-do/ https://blog.nearlyfreespeech.net/2008/02/21/wikileaks-what-would-you-do/#comments Thu, 21 Feb 2008 05:57:47 +0000 http://blog.nearlyfreespeech.net/2008/02/21/wikileaks-what-would-you-do/ A NearlyFreeSpeech.NET member posted a clip of a news article about the Dynadot / Wikileaks situation in our member forum, asking what we would have done about it.

We have a powerful allergy to hypothetical questions. There are a lot of reasons for that, but the here are three of the best ones:

1) People asking us hypothetical questions often tend to leave inconvenient details out in an effort to get the answer they want. Example:

People often ask: “Will you shut my web site down if it gets complaints?”

People sometimes mean: “Will you shut my illegal warez site down if it gets DMCA complaints?”

Sometimes, people think that if they can get us to say that something is OK, or allowed, or that we would do something if something else happened, then later, when the inconvenient details come to light and something bad happens to them, that somehow being able to point back at an answer they conned out of someone will make a difference. That never works, but people still try.

2) Since they are so vague and are based on so many assumptions, hypothetical questions have a nasty habit of multiplying without bound as the various possibilities are explored. Even worse, they sometimes spiral toward ridiculousness.

Q. … OK, but what if secret agents from my country’s government break into your house and threaten at gunpoint to kill your family if you don’t give them my identity?
A. You’d read in the paper about “District attorney confirms no charges to be filed against homeowner in home invasion-related shooting deaths.”
Q. But what if they had machine guns and got the drop on you?
A. Uh, if that happens, l’d probably tell them.
Q. See, I knew your privacy policy was crap! Screw you! (Oops, that’s not a question.)

(The above is not an actual exchange, since we just don’t go down that road, but we’ve had a couple over the years that were definitely going that direction.)

3) Hypothetical questions often simply require information we don’t and can’t have. The classic and most frustrating example of this is: “Tell me specifically how much my site will cost to host with you.” Since our service is billed based on resource usage with no minimum, answering this question requires exact foreknowledge of future traffic to a site which we unfortunately do not possess.

“What would you have done?” is clearly a hypothetical question. But wait, there’s more.

We also try (not always successfully) to avoid criticizing other providers. I want to focus on what a great company we can be, and how we can be better. It takes up all my time just to do that. But if I woke up one morning and decided to go off on the competition, there are enough weasels, scoundrels, and asshats in this business that, if I started right after breakfast, I don’t think I’d get to Dynadot by the end of day one. I’m not sure I’d even heard of them before this incident.

So, if I correctly surmise that the member who asked doesn’t think Dynadot looks like the hero in this, weighing in with what we would have done in their place could easily be taken as exactly the sort of criticism of competitors that we try to shy away from.

Thus, after all that preamble, my answer has to be: I couldn’t say. We haven’t been in that particular situation and don’t know the specifics of what transpired between the various parties up to that point.

However, I did read all the material I could find on that matter, and what I can do is briefly go through the parts of the injunction, since it’s hard to get more specific than that, and offer what comments I can.

First off, it’s important to note that Dynadot appears to be the registrar for the wikileaks.org domain, but I don’t see any evidence that they were the host. That’s actually a very relevant distinction, as we’ll see.

1. Dynadot shall immediately lock the wikileaks.org domain name to prevent transfer of the domain name to a different domain registrar, and shall immediately disable the wikileaks.org domain name and account to prevent access to and any changes from being made to the domain name and account information, until further order of this Court.

Most of this is not that unusual. Courts like to freeze things right where they are while a dispute is in progress. It does say “and disable the wikileaks.org domain name.” They say this several times, and appear to mean something different each time. Here, I think it was supposed to refer to disabling access to the UI that controls the domain name.

2. Dynadot shall immediately disable the wikileaks.org domain name and account such that the optional privacy who-is service for the domain name and account remains turned off, until further order of this Court.

This seems odd to me. Dynadot is certainly capable of producing the identity of the registrant and/or domain contacts to the plaintiff in response to a subpoena. But how are imminent damages to the plaintiff mitigated by providing it to the general public?

3. Dynadot shall preserve a true and correct copy of both current and any and all prior or previous administrative and account records and data for the wikileaks.org domain name and account.

This one is pretty “duh.” If you’re a party in a lawsuit and the other side says “We need information XYZ” and later that night you shred XYZ, you’re in a lot of trouble.

4. Dynadot shall immediately clear and remove all DNS hosting records for the wikileaks.org domain name and prevent the domain name from resolving to the wikileaks.org website or any other website or server other than a blank park page, until further order of this Court.

This is the heart of the injunction. The plaintiff claims that allowing this material to remain available irreparably damages them. The judge agrees (as, apparently, does Dynadot if they stipulated to it).

I assume (without knowing for sure) that there was other content on the site besides the documents in question. Forcing it all offline seems like a disproportionate response. But Dynadot is the registrar, “all or nothing” is probably the only option they have. So if you accept that the registrar has some obligation to disable access to this material (and again, it appears that Dynadot accepts that, since they stipulated to this), disabling the domain name would be the only way for them to do that.

At first, I thought that DynaDot was the registrar and the host. Then, when I realized that DynaDot was just the registrar, here’s the scenario I constructed…

Suppose Wikileaks is hosted all over the place. Suppose they really don’t like you and are “disinclined to acquiesce to your request” to take down material. (Means “No.”) Suppose that every time you move in on their host in country X, they just flip the DNS at the registrar to a host in country Y. That registrar is the point that’s not moving while all this is going on (or could be going on, if you’re planning ahead). The people running the site are a small group of probably-not-rich people who could be anywhere, and probably are. Suddenly the registrar does look like the best target.

If you’re the plaintiff, trying to get the registrar to shut down the domain makes a lot of sense. You go to the registrar’s home district and try to get the judge there to order the name to be suspended. So if you’re the plaintiff, you’re likely pursuing your best legal strategy. But DynaDot stipulated to it. If you check your notes, they aren’t the plaintiff.

5. Dynadot shall immediately produce both current and any all prior or previous administrative and account records and data for the wikileaks.org domain name and account, including, but not limited to, all data for the registrant; billing, technical and administrative contacts; all account and payment records and associated data; and IP addresses and associated data used by any person, other than Dynadot, who accessed the account for the domain name, to the extent such information is maintained by Dynadot.

This goes past retaining the records to producing them. In a lawsuit, subpoenaing the opposing party to produce records you think will help your case (the discovery process) is very common and straightforward. Having the judge order production of the records is a lot less common; it usually only happens if they try to quash the subpoena and fail, or if they flat out refuse (at which point, if they don’t follow the judge’s order, they go to jail). I’m guessing that the records were already subpoenaed and this order is just codifying that, since Dynadot is being dropped as a party. That still seems unnecessary; just because they’re not a party doesn’t mean you can’t subpoena their records. But never underestimate lawyers’ fetish for pointless overkill.

In general, when you subpoena records to identify somebody, the person about to be identified has the opportunity to try to quash the subpoena. Some of the RIAA college cases are good examples of this. If I understand it correctly, one of Wikileaks’ complaints about the timeline was that this opportunity was not afforded to them. If that’s correct, it seems at face value like a reasonable complaint.

That’s it. #6 just gives DynaDot their get out of jail free card.

I haven’t seen the original complaint or the rest of the documents, so I don’t know what it is that DynaDot, as the domain registrar, is actually supposed to have done to merit being a party in the suit in the first place. Which brings me back to: why did they stipulate to this? I just don’t know, and that in itself is a darn good reason why the “what would you do?” question is unanswerable.

But the part I find the most confusing is that this is a permanent injunction. Wikileaks is still a party to the lawsuit, which hasn’t been decided. They could win the suit outright, but that won’t rescind this order. They’ll probably never get their domain back without separately appealing this order. With the information currently available to me, I’m inclined to hope they do. It looks like an overreach by the court. In fact, an appeal may be what DynaDot is hoping for; if the order is overturned, Wikileaks gets their domain back but DynaDot is still off of whatever hook they thought they were on.

While I can’t say what we would do, I can say what we have done. NearlyFreeSpeech.NET has never stipulated to a legal agreement revealing a member’s identity or terminating a member’s service for the purpose of escaping civil liability. We have no need to do that. We don’t really do anything ourselves but keep some equipment running in a particularly fancy way, and we have very broad legal protections in the United States that defend us from liability arising from the content of member sites. That only makes sense; we don’t edit, approve, censor, or review the content that appears on web sites members of our service create using the tools we provide. How could we possibly be responsible for it? That is our official position, and while it has produced a thick folder of would-be challengers over the years, none of them has ever prevailed. This protection is vital to our business’s survival; without it we simply could not exist. Whenever it comes up, we have absolutely no choice but to fight to the death to protect it, because if we lose it, we’ll be dead anyway. Don’t corner the wild animal!

I should clarify that our primary interest in defending such challenges is in protecting ourselves and our ability to continue to provide service to the rest of our members. If you do something on your site that gets you sued, you’re absolutely, positively on your own. We are a hosting company, not a free legal clinic; we aren’t going to defend you, and you may, in fact, wind up paying for part of our defense.

Similarly, if a court with jurisdiction over us orders your site shut down, we shut your site down. There are laws in this country, and we follow them. So you do not obtain, as some hope, magical special protections from the consequences of your actions merely by hosting with us. Free speech, Nearly or otherwise, is both a right and a responsibility.

What you do get, which I think is still quite remarkable, is some reasonable confidence that if you are hosted with us, no one will get to you simply by threatening us. Unless, hypothetically speaking, they are a gang of machine-gun toting foreign spies with a quiet step.*

So there you go. It’s not a “what would you do?” but I hope it gives some insight into our thought processes when we face these types of issues.

*It’s a joke, not a dare. Please, no automatic weapons.

]]> https://blog.nearlyfreespeech.net/2008/02/21/wikileaks-what-would-you-do/feed/ 5 https://blog.nearlyfreespeech.net/2007/06/26/fresh-tacos/ https://blog.nearlyfreespeech.net/2007/06/26/fresh-tacos/#comments Tue, 26 Jun 2007 23:41:06 +0000 http://blog.nearlyfreespeech.net/2007/06/26/fresh-tacos/ We have made our first update to our Terms & Conditions of Service in over a year, moving from version 1.0.4a to 1.0.5. As the version number suggests, it’s a minor update, but as we have done in the past, we’re making an announcement about it just because we don’t want there to be any ambiguity about it. (This is our “attempt to notify you through reasonable means when the TACOS change.”)

As with previous updates, the changes are noted at the bottom. I’ll include them here:

6/26/2007 1.0.5

• Split the CONDUCT AND CONTENT section into CONDUCT and CONTENT sections since they really have nothing to do with each other.
• Renamed the CONTENTS section to INGREDIENTS so it would not be confused with the new CONTENT section.
• Reword the thou-shalt-nots in the CONTENT section. Nothing about our implementation of this section or our views on what content is or is not acceptable is changing; this is just our annual effort to stay ahead of would-be-evildoers looking for loopholes in the wording.
• Add to the CONDUCT section a couple of things from the should-have-been-obvious department. (Don’t give out your login info and do not taunt happy fun tech!)
• Still chasing XHTML compliance.
• A couple of minor spelling and grammar fixes.

As far as policy changes, there really is not much to speak of. We will be thumping people slightly more vigorously in the future for giving out their login and password to others, because there is just no reason to do so and we always end up cleaning up the messes that result. Similarly, we can take the occasional criticism, and we know and use words from all spectrums of the English language, but the anti-taunting provisioning has been added so we have the appropriate ammunition to address the once-a-year-or-so case where somebody goes completely fruit loops. Like this person, who did not appreciate being asked to read the FAQ:

(bleep) you and your inadequacies turned vindictiveness. for real (bleep), (bleep) you cause you’re gonna (bleep) with my (bleep) cause you’re inept. i hope you get hit by the (bleep)ing bus (bleep).

(The full email from which this excerpt was taken, which was only one in a series, set the all-time single-email record for profanity and went on to a place of glory as the number two entry in our “Top Ten Funniest Support Emails” hall of fame.)

On a more serious note, I hate revising the TACOS. I hate how long they are already, and that every revision makes them a bit longer. I know in my heart that a lot of the world’s longest and most outlandish Terms of Service got that way one sentence at a time and that we must not let that happen here. I also know that as the length goes up, the number of people who read the TACOS goes down and members who don’t read the TACOS but agree to them anyway are letting the terrorists win.

So here’s hoping we can make it another year without touching them again, and that any change that would make them longer and more restrictive gets hit by the (bleep)ing bus, (bleep)!

]]> https://blog.nearlyfreespeech.net/2007/06/26/fresh-tacos/feed/ 1 https://blog.nearlyfreespeech.net/2006/11/15/so-many-categories/ Wed, 15 Nov 2006 08:13:13 +0000 /blog/2006/11/15/just-another-test/ So few posts. Until we’ve got posts in every category we’ve posted this one to all of them, so you can see what’s in store and subscribe to the feeds you want before you miss anything.

If this is the only post you see in a category, it just means the category hasn’t been assigned any real posts yet.

]]>