Josh Bourne ⬥ 21 April
Over the past few months, various instances of “domain name seizures” have been making news. But what exactly does it mean when the U.S. government or a federal agency “seizes” a domain name? FairWinds did some digging online and made some interesting findings to elucidate this question.
I started thinking about this questions when I learned that on Friday, the U.S. Attorney for the Southern District of New York formally charged three major online poker companies – PokerStars, Full Tilt Poker and Absolute Poker – with bank fraud, illegal online gambling offenses and money laundering. In conjunction with these charges, the U.S. Federal Bureau of Investigation (FBI), according to the indictment, “seized” the domain names that these companies use. Currently, the domain names PokerStars.com, AbsolutePoker.com, UltimateBet.com, UB.com (UltimateBet is affiliated with Absolute Poker) and FullTiltPoker.com all display a seizure notice from the FBI, as pictured here:
Curiously, the domain FullTilt.com, also owned by Full Tilt Poker, did not display the same message, but rather currently resolves to FullTiltPoker.co.uk. However, DomainTools captured a screenshot of FullTilt.com on Saturday, April 16, that displayed the same FBI notice as the other domains (see the thumbnail labeled “2011-04-16″ below). Now the domain is back up and running. So I began wondering what happened.
After a bit of digging into the WHOIS records of each of these domain names, I noticed a common thread: while the registrant information for all the domains remains unchanged, each domain except for FullTilt.com lists CIRFU.net as the domain name server. CIRFU stands for the FBI’s Cyber Initiative and Resource Fusion Unit, a spinoff of the Internet Crime Complaint Center (IC3) that investigates cybercrime. FullTilt.com, on the other hand, is hosted on a name server at UltraDNS.net, an enterprise outsourced name server solution owned by Neustar, on which FullTiltPoker.com and others had been hosted until Saturday.
So what I learned was, instead of transferring ownership of the domain, the FBI has essentially blocked all traffic to these sites by changing the name servers that host the domains to one over which they have exclusive control, CIRFU.net. For .COM domains, the FBI most likely did this through the registry, VeriSign, rather than through the registrars, which for these domains are predominately located in Europe. This provides some interesting insight into what it means when law enforcement agencies claim to have “seized” a domain name – rather than take possession of the domain, the government works with the registry to change the name server of record. Now that the FBI controls the server on which the domain is hosted, it effectively controls the domain. But it doesn’t actually own the domain in the standard sense.
I kept looking, and decided to check on some of the domains that had been “seized” by the U.S. Department of Homeland Security’s (DHS) Immigration and Customs Enforcement (ICE) division back in November for selling counterfeit goods and pirating copyrighted material. OnSaleTiffany.com, RapGodfathers.com and 2009Jerseys.com, all listed among the list of “seized” domains, have been hosted on the name server SeizedServers.com since late November, but the WHOIS registrant (owner) information for each has not changed. SeizedServers.com is run by immixGroup, an IT services firm that was awarded a contract with the DHS ICE back in May.
So what does it mean when the U.S. government “seizes” a domain name? From what I have found, it means that the U.S. government moves the domain from its current name server to one under its control. That means that the U.S. government can control what content users see when they access these domains, without ever taking possession of the domain, at least in the sense of becoming the registrant of record.
But what about those domain names that contain a brand name or a trademark? What recourse does, say, Tiffany & Co. have if it wants to reclaim the domain OnSaleTiffany.com? If the government actually took possession of the domain names it “seized,” it could redistribute them to appropriate parties in certain cases.
Just yesterday, news broke that the FBI had “returned” the domain names to Full Tilt and Absolute Poker in order to allow players based in the U.S. to withdraw their funds. Again, this is a misnomer – the FBI did not return the domains because technically, it had never taken possession of them. Rather, the FBI allowed the companies access to the domains, under the watchful eye of an independent monitor who will verify that the companies comply with the conditions set forth.
Tags: Absolute Poker, brands, CIRFU, cybercrime, DHS, domain names, enforcement, Europe, FairWinds, FBI, federal agency, Full Tilt Poker, ICE, indictment, Internet Crime Complaint Center, IT services, online poker, PokerStars, registry, Southern District of New York, U.S. government, VeriSign, WHOIS