Wikileaks (that link works) is a website where, as you’d imagine, leaked information is published. Primarily we’re talking about documents from jurisdictions without ‘strong’ protection of freedom of expression or freedom of the press.
This week, it seems that the site (or the main version of it) was ‘shut down’ by court order. Yes, this does happen – and indeed, sometimes a temporary shutdown is not the worst thing in the world if it allows for a proper hearing and (hopefully) a speedy restoration of the content other than in exceptional cases. An order shutting down a site is in all practical ways similar to a pre-publication ‘prior restraint’ order directed towards a newspaper or broadcaster, and should be used with the greatest of caution.
However, the real fear here, and what troubles me about this situation, is the way that the original judge hearing the application (ex parte, i.e. without the involvement of the defendants at this stage) appears to have used a pretty big hammer for this nail. In this post, I argue that this decision is wrong and that in the Spamhaus case of 2006, an alternative and more appropriate approach was taken by a court faced with a broadly similar request.
The judge in this week’s case ordered that:
Dynadot shall immediately clear and remove all DNS hosting records for the wikileaks.org domain name and prevent the domain name from resolving to the wikileaks.org website or any other website or server other than a blank park page, until further order of this Court
Dynadot is the registrar for the domain name. That means that someone paid Dynadot around ten dollars a year to register wikileaks.org and point it towards a web server somewhere.
Ordering that the DNS records be removed is draconian yet inadequate – not what you’d expect a judge to be doing. It’s draconian in that it is effectively a summary punishment making a site ‘disappear’ as if it never existed, being the equivalent, from the point of view of the average user, of making a street address and telephone number magically disappear. Yet it’s also inadequate in that the underlying content is not affected by the DNS and therefore the IP address should enable the content to be accessed. (Reminder for the less obsessed reader: IP address – series of numbers like 22.214.171.124 that identifies the location of the webpage, domain name – something like lexferenda.com that is ‘converted’ into an IP address).
Thankfully, an amended order was issued that seemed to be more appropriate (although without knowledge of the facts, obviously it’s still possible that the order was inappropriate on factual grounds – but at least, and noting that this is an interim injunction of some description, we’re back in Kansas for the time being).
Court orders to delete DNS entries are dangerously closed to being a semi-legal version of the Internet Death Penalty of techie lore, i.e. blocking all packets from a particular domain as an anti-spam measure. As Dynadot’s action will propagate through the DNS within a day or two, the court is – basically – rolling its sleeves up and pulling the plug in a pretty sneaky fashion (the user won’t know how or why the site has gone – it literally vanishes from public view, assuming that the public in general use domain names and not IP addresses!).
The California First Amendment Coalition attacks the decision as doing the work of oppressive foreign governments. The Guardian has a shot at explaining the story on its technology blog. Jonathan Zittrain writes about the story in a blog post, Wikileaks and Points of Control; the title echoes Zittrain’s influential 2003 article on Internet Points of Control and much of his subsequent work. The Register reminds us that the order also included a block on transfer of the name to another registrar.
Those of you with long memories may remember the Spamhaus case a while back, 2006 to be precise. Basically, as part of a wider case, a proposed order was submitted to a court that would have ordered ICANN (the global organisation that (in some way) administers or supervises the domain name system – I did my LLB thesis on how this happens and other issues, it’s lots of fun) to remove Spamhaus’s registration. ICANN made it very clear at the time that it couldn’t do this if it wanted to. Indeed, the final order in that dispute (PDF) is a good explanation on why the first order in the Wikileaks case is wrong; it explains carefully the two key points, that neither ICANN nor the (Canadian) registrar have any involvement in the matter, and that a court order should be directed towards the offending activities and not the site as a whole. (Don’t forget that the latest in that case is that the injunctions and damages that were awarded have been quashed and sent back for further consideration.
Remember, the domain name system itself works off what I and others have been arguing for some years is a relatively narrow point of control (by necessity), being the root server system, which the US government has self-declared full legal control over, albeit self-restrained in various ways and integrated with a separate industry/techie-driven standards model and the quasi-international organisation that is ICANN. If courts find that they can point their bizarre orders in this direction (i.e. towards the DNS) – perhaps this week’s decision should be a wake-up call in that regard – then we are on new ground. The continuing lack of clarity at an intergovernmental level over ‘what to do’ about ICANN and net governance will come back to bite us, if this example is the first of many. If it’s not, then it’s another false alarm – but how many false alarms do we need before taking the question seriously?
Anyway, follow the story as it develops (and where I spotted it first) at the invaluable Citizen Media Law Center.