http://news.yahoo.com/s/ap/20101201/ap_on_hi_te/us_tec_wikileaks_amazon

http://rulingclass.wordpress.com/2010/11/28/the-background-dope-on-dhs-recent-seizure-of-domains/

As has been reported, it looks like ICE, which is the principal investigative arm of DHS, has begun seizing domains under the pretext of IP infringement. But it’s actually not ICE who is executing the mechanics of the seizures. It’s a private company, immixGroup IT Solutions. Here is what is going down.

In May of this year, immixGroup IT Solutions is awarded a one year IT Services contract with DHS. The particulars of this contract:

Under this new contract, immixGroup will provide information technology operational services and support, implementation, and maintenance of DHS ICE C3′s software applications, network and CyberSecurity systems, as well as the maintenance and enhancement of applications that support law enforcement activities.

The contract includes one base year, one 12-month option period, and two six-month option periods; covers all four divisions of C3 (Child Exploitation, Cyber Crimes, Computer Forensics, and Cyber Training); and is critical to C3′s pursuit of criminal activity. immixGroup’s services in this effort include network maintenance, application development and support, forensic lab assistance, data storage maintenance, and information assurance.

On November 24th, immixGroup IT Solutions registered the domain SEIZEDSERVERS.COM, and primary and secondary nameservers, NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM, with Network Solutions, which is the registrar for this domain. Since the DHS contract is provisionally for one year only, the domain was only registered for one year(expires in one year).

immixGroup IT Solutions is using CaroNet to host their domain, including the authoritative name servers(NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM) for this domain. They have setup a simple web page, http://seizedservers.com/ or http://74.81.170.110 which is the same “Notification of Seizure” page you will get if you type in one of the seized domains in browser address bar(if you’re paranoid: yes, they are tracking using both Google analytics and piwik).

ICE is not actually “seizing” any servers or forcing hosting companies to remove web content from their servers; what they are doing is using immixGroup IT Solutions to switch the authoritative name servers for these “seized domains.” But they are not doing it at the Registrar level(by contacting the registrar for the domain and forcing them to update the authoritative name server info to point to NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM), but rather through the agency who controls the top level domain. In this case, all the “seized domains” appear to be .com and the agency/company who has the ICANN contract for this TLD is VeriSign(which also controls .net TLD). The changes are being made at the top-level authoritative name servers for the .com TLD, which would be the [a-m].gtld-servers.net. These are controlled by VeriSign(note: these top-level name servers are also authoritative for .net and .edu TLDs).

So, VeriSign, the owner of the .com TLD, is working in cooperation with DHS, and it appears immixGroup IT Solutions has what we might call an “IT Support Ticket system” setup with VeriSign.

That web servers are not being seized and web content not being deleted can easily be verified by clicking this link, http://208.101.51.57, which is the original IP Address of a seized domain, torrent-finder.com. It’s still up, and it appears it has registered a new domain, torrent-finder.info, that resolves to the original IP address. This site is being hosted by SoftLayer Technologies in Dallas, TX. So, it is certainly within US jurisdiction to be shut down if there was “a case to be made.”

Now the .info TLD is not controlled by VeriSign; it’s controlled by Afilias. So, an interesting little experiment would be to see if the torrent-finder.info domain remains up. As of now, we can only conclude that there is back deal between DHS and VeriSign that makes any .com or .net domain subject to seizure by the actions of immixGroup IT Solutions.

Lastly, there has been some speculation that this recent business of “domain seizure” portends the same tactics being used to seize the “wikileaks.org” domain. From a technical standpoint, understand that the .org TLD is not controlled by VeriSign; it is controlled by the Public Interest Registry. An interesting thing however: PIR has contracted out the technical operations to Afilias. So, if we were to see torrent-finder.info similarly seized, then this would mean that Afilias is also in cahoots with DHS, which could imply the .org TLD could be subject to the same type of “domain seizures.” As of now, there is no evidence of that. And, it should be clear, these type of domain seizures are completely different than the 2008 attempted shutdown of wikileaks.org by the US government. In that case, a U.S. District Court issued an injunction ordering Dynadot, which was the registrar for the domain, to remove all traces of Wikileaks from its records. That didn’t hold up.

Let’s start with the Myths of Clouds

1. The cloud will always work – This is the idea that some mythical service will always be at the ready, no matter where you are.  So when is the last time your electricity wasn’t working.  How did it make you feel.  I know anytime the power is off at my house I feel completely helpless to do anything about it.  Some people have generators, solar panels and the like, but most just sit in the dark and wait for the magical electric company cloud to start working.  Have you ever tried to find out what went wrong, how long until it will be back on…  I think you have and you never find those things out.  So when I think of cloud computing I don’t think of when it is working, I think of when it wouldn’t be, how would this effect me.  In life being self sufficient is a very strong position to be in.  Depending on a cloud for your works, your code, your letters, your data puts a person at a distinct disadvantage.
2. Your data is private – As data flows across your computer screen, out your router to your ISP’s network to various other mid points and finally to its resting place in your cloud, think about how many different computer systems have just touched your data.  What are they doing to it, did they save it?  Are all of there employees happy?  Are they organizing it without your knowledge?  Do you want to worry about things like this.  Over the years I’ve heard the analogy of a letter in an envelope as your data travels across the big internet range, but unless you encrypt your data end to end, everyone along the way can take a peek and do what they want.  In the news lately have been alot of stories about ISP’s “managing” their networks for P2P and whatnot.  I see this as one of two things and maybe both.  1) Your ISP wants to offer you services, it wants to get in the middle of whatever it is you want to do.  They don’t know quite how to do this but they feel at some point the opportunity will present itself and they want to be ready. 2) The government is/has mandated that ISP’s have a way to “answer” the government’s subpoena’s.  The scary part is that nobody knows what type of information the government will want in the future, and I believe ISP’s are doing the governments dirty work before it has even been asked to dig up the dirt.
3. Do you retain rights over your data – To use flickr do you give up rights to your photos, YouTube? Google Docs?  Check the EULA you do and you either agree or don’t use the service.  We all have a choice.  I think that choice should be NO and here is why.  The little tricks these services are doing is the old convince with the verbal word but get the truth down on paper. Have you ever been in a negotiation and had a sales person tell you something that later turned out to be false.  Could you do anything?  Not at all, whatever you signed was what you agreed to no matter what.  So when you click “I Agree” on that EULA popup that is you agreeing period.  Second almost every EULA allows the service company to change anything they want and you still have “agreed” sometimes without being notified at all (you’ve agreed to that to).  Does this sound right to you. It doesn’t sound ok to me.  What happens if you now don’t want to use the service.  You erase your profile, you remove your data but wait! They still get to keep it even thou you think you’ve deleted it.  Nice for them huh!
4. The cloud will protect you – So you don’t buy or care about my three previous points.  Your not doing anything wrong, you have nothing to be afraid of.  I beg to differ.  In a society where big business and the government are “in business” the citizens of that country are in big trouble.  What is legal today may not be legal tomorrow.  Do you really want your thoughts your private data to be sitting in the cloud somewhere for anyone at some future point in time to have access to.  Do you think the End User Agreement for this cloud service will include protections for you or will it have every conceivable out for the cloud service leaving you hanging by the noose.  Do you think if this cloud service gets a subpoena that they will notify you ahead of time?  When do you if ever think you would find out.  What if under the “Home Land Security Act” the government just wants to cruise around your data, take a peek, see what your up to?  How does that make you feel.  Ok?  Hey if it stops a terrorist why not I’ve got nothing to hide.  Ok neither do I but I still don’t think the forefathers had this in mind when they wrote the constitution I think they had freedom for the people in mind.
5. Who assumes the risk – You do period. Look at credit card companies, sure they limit your liability for charges to $50 but what about the new issue of identity theft.  Has any of the companies whose “data” (that would be your information about you) gets stolen ever had to respond to you the customer.  Sure some get fined, who gets the money?  Not you! Not me!  Who suffers when they don’t take care of your personal information, you do! Not them.

What can you do

1. Learn how to make your data available to your devices from your home network.  Do you need email access away from the home, don’t use a web based email service, set your home computer to download and delete the mail off of the mail server.  Then access you email from your computer.  Sure the information was still out there once but the trail runs cold.  Did you read it, do you still have it.  Nobody knows but you because you have taken possession of it in a private way.
2. Fight your ISP’s for more upstream bandwidth.  This is the bandwidth that goes from your home to a device, website, etc.  If you have slow upstream them accessing your home network will be slower than accessing other services from the same device.  Most ISP’s only quote the download speed.  Comcast 8Megs yea down but up is only 768k! incrediblily slow when trying to read emails, stream videos from your home collection, etc.
3. Learn to ask the right questions, instead of listening to the marketing hype.  Learn to be suspicious, nothing is free.  What does the service company get for offering this service for free, even if they charge money, what power to they obtain by being the “collector”, “Possessor” and “Gate Keeper” of all of this information.  A good example is Stock Market Trading firms.  They all offer nice little “Portfolio” Trackers, and “What if’s” for it’s customers to “try you theories” out.  This sounds great, you get a little space in the world to hold your next big stock market idea.  Except there is something wrong…  They get to hold “Everyone’s” next be idea for the stock market.  Now that is power.  They can now go through everyone’s data, mining it and using it for their purposes.  Doesn’t this give them a better advantage from “your” data than you get from it?  I think so.  Do your next big plan offline it will stay private.
4. Realize that there is no free lunch.  Companies are presenting their services like a drug dealer would present their drug.  The first one is free, then you get hooked and then they charge.

In Summary

In the end do you want control of your private data and your life.  If you do then learn and fight for keeping your data on your network not on someone elses.  As a final idea to take away ask yourself couldn’t a service like facebook work by saving your profile on your local machine and then allowing the facebook cloud to access your data when you allowed it too.  Think about this I’ll wait.  Did it hit you like a sledgehammer, It does me. Now think about your health records, wouldn’t you feel better if Google Health stored your records on your computer, then you selected which doctors, which hospitals would have access to it, if you ever become uncomfortable you could simply turn off access.  Of course this isn’t perfect since once someone accesses your data they can make a copy of it for themselves but still being able to shutoff access to businesses or individuals that you didn’t want to have access would be real consumer protection.  Lastly if your data is stored only on your computer, inside your house and the government wants access who do they need to come see, YOU.

tim

Permalink

Section 2 starts out all well in good, congress recognizes how important the internet is, the importance of the internet being a marketplace, having communities, etc. This is great.

Section 2 states how Title I of the Communications Act of 1934 would be changed. Here is where I get a little lost. In change (1) it states “to maintain the freedom to use for lawful purposes…” Now what I don’t get is why the need to mention lawful. Wouldn’t any illegal act being done over the internet be covered under a specific law already. Child Porn.. Yep, Fraud.. Yep, etc, etc. So why the need. In Change (3) it again refers to “lawful content” this begs the question what is lawful content, isn’t this still covered under current laws. If someone transmits information that is unlawful across the internet isn’t it already illegal? Someone please explain why these constant references to lawful and legal need to be in this law. Maybe there is a reason, read on.

Section 4 talks about requiring an assessment by the FCC to come up with specific requirements that ISP’s and internet devices must do or not do. Good so far. Under sub-section (2) part A it is talking about ISP’s ability to adhere to this said policy and it uses the phase “unreasonably interfering with the ability of consumers to do..” and then it goes on to mention several specific ideas or processes that ISP’s can’t “unreasonably interfere with. so exactly what does unreasonably interfere mean. I don’t know. Many wise men would disagree to what is reasonable so I see this as nothing but an out for the ISP’s. Big loophole. In (i) of Part A it again mentions lawful content and the ability of citizens to utilize the internet for lawful content. (ii) of Part A starts out “use lawful applications”. (iii) of Part A “attach or connect their choice of legal devices…” legal devices, ok so follow me here, what would be an illegal internet device. Does such a device exist yet? Maybe a scanning device would become illegal, maybe a logging device would become illegal. How can any policy on net neutrality have these types of provisions? Wouldn’t the addition (3) of the Title I Act which states “…as long as such devices do not harm the network…” cover all devices to ensure no harm is being done. I can only take (iii) of Part A to allow future laws or government acts to instantly and without recourse make any device illegal to use on the internet. Seems a bit odd to me. Maybe this is the same ability the FAA has to ground airplanes it deems unairworthy?

Maybe I just don’t understand the law enough to realize that the mentioning of lawful acts needs to be in the law. I haven’t read the laws concerning our nations highways, do they mention something similiar to “operating a motor vehicle lawfully”, etc maybe they do but if so why, if speeding is illegal why must another law cover the same act. In the case of the internet if the lawful phases where left out and someone robs a bank via the internet is their act somehow not illegal anymore because of net neutrality, I think not but then again I’m not a lawyer and maybe that is the case. I certainly hope not. In the end I believe in net neutrality but this bill seems to leave huge holes for ISP’s and industry to drive through. Really think about it, a few dollars here or there and all of a sudden my xyz device I’ve used for years is deemed illegal… It would be a shame.

Permalink