CyberTech Rambler

October 11, 2013

How not to send a DNS take down request

Filed under: Uncategorized — ctrambler @ 6:41 pm

Via TheRegister, I found the City of London Police’s request to EasyDNS to voluntarily take down the DNS registration of a torrent site a case study in how not to do it. It is so bad that it is worth EasyDNS doing a song and dance over it. Normally I would had left it at that, but it is that bad that it is also worth me analyzing their work. If, after reading my rant you find it worthwhile for you reading through it, then it is certainly a  very entertaining episode for all indeed.

I believe EasyDNS is correct in insisting that City of London Police  get a court order before it takes down the domain. It has a duty to its customers to make sure any request like this has the appropriate evidence to back it up. Being the requester, City of London Police has the duty to supply evidence to EasyDNS.

I do not condone Intellectual Property theft, but I do feel City of London Police’s action via the newly formed Police Intellectual Property Crime Unit (PIPCU) is extremely ill-advised. More later but first, let me clear something up that I initially got confused. I believe a lot of UK residents are in the same boat. As for all you international reader, you do not stand a chance. That something is City of London Police is not the same thing as Metropolitan Police. Most of the time, when you mention Police in London, one think of Metropolitan Police. In fact, this is the first time I heard about City of London Police. I had initially thought that it is a branch of Metropolitan Police. According to Wikipedia, Metropolitan Police is in charge of Greater London with exception of the financial district known as the Square Mile where it ceded authority to the City of London Police. Wikipedia believes the City of London Police is the smallest Territorial Police Force in UK.

This confusion is unfortunate, but it is not City of London Police fault. It does, however, explain why the whole operation lacks the professional standard one expect of a big police force. Their handling of the issue has the appearance of the Police doing the bidding of the overzealous Intellectual Property Owners. A larger force might had noticed this but a smaller force might not.

The other thing we should note that PIPCU is a newly formed unit (Sept 12). This is probably its first major operation. While we can laugh at it swallowing more than it can chew, we probably should give it time to find its feet and work out teething problems such as this. In the interest of seeing it grown into a more professional outfit and establish itself as an independent  body and not IP owners’ lackey, I will frame my hash words as  (unsolicited) advice:

First and foremost, get your website in order. According to your “About PIPCU” page, you specialize in ” tackling serious and organised intellectual property crime (counterfeit and piracy) affecting physical and digital goods (with the exception of pharmaceutical goods).” so handling a website should be easy for you. However, read that page carefully and you find a very obvious problem. You cannot say you are “launched” (past tense) on Sept 12 when the page was written on Sept 9th. Either you have a time machine (and in this case you should had noted how EasyDNS made a fool out of you) or you implied you were launched close to a year ago, i.e. Sept 12 2012.

Second, rework your take down request. The one posted by EasyDNS is weak and extremely unprofessional for a police force. It looks like, and reads like something the overzealous Intellectual Property Owner send out. My biggest grievance is your failure to to say what it really is.  That document is filled to the brim with the air of legal authority to compel but in reality is simply a request for help. As a police force you should had made it clear it is a request and that the  recipient has no duty to grant the request. Cloud it in legal sounding language is unbecoming of a police force.

Second biggest grievance on the take down request is, for a police force used to deal with evidence, there is no evidence of wrongdoing. What we get is simply a few sentences alleging wrongdoing. The allegations are beyond vague. The same way a police force should not send unsolicited letter to someone’s employer alleging that someone is a suspected thief, City of London Police should not be sending unsolicited notices to a person’s DNS service provider on vague allegation wrongdoing unless it is prepared to back it up. Section 3 is particularly laughable. It is just hot air. The title is funny too, why say “The grounds on which PIPCU is making the request” where  “The grounds on which we are making the request” or simply “The grounds for making the request”will do. Given it is on police stationery and it is carefully explained which part of the police force send the request, so who else is making the request? Could it be the result of someone rather than the police had prepared the document?

Next, how do you feel if someone comes into your office and tell you someone else is naughty and you should take action against him? Furthermore, that someone had carefully studied your rules and conveniently suggests grounds on which you can take action on. It put you on guard on what that person’s motive is. At best, you think he has an axe to grind. At worst, that someone is trying to ue you to bully someone else. Sometime, the person is desperate for something to be done. This is preciesly what City of London Police is doing when they alleged wrongdoing in section 3 then took the trouble to study EasyDNS Terms and Conditions and suggests to EasyDNS how to justify the action it wants EasyDNS to take. I will not go so far as saying City of London Police has an axe to grind or is bullying the domain name owner. However, it smack of desperation on behalf of the police: We cannot do anything so can you please please please help us out by doing something. It also looks like the Police is seeking an extra-judicial way of achieving something. That is dangerous ground.

I do not like the veiled threat of taking the registrar to ICANN. It is conduct unbecoming of a Police Force to even suggest that. Smells like bullying. If it came from a third world country we would had called it Police Intimidation.

Last point about the take down request makes me laugh out loud: THERE IS A DISCLAIMER ! ! The City of London Police asks you to take action. Never mind the flimsy excuse, they are not going to back you up if you ran into trouble! My take? The City of London Police know their request has no legs to stand on, and their lawyers try to minimize the damage with this disclaimer…

… Or is it that someone else written the document on their stationery and they just rubble-stamped it? My gut feeling says they did not write the document themselves. Too many things that just simply do not sound right for an official police document written by the police. For a start, it would not read the way it did. i.e., insisting on only one course of action. They normally spell out alternatives, set out appeals and complain procedure for the recipient (EasyDNS) and the persons affected, i.e. the domain name owner.

My final advise is for them to take a clue sheet from FBI: Instead of showing a generic logo on the redirected site, point it to a dedicated page tailored for the particular site. It does not cost much to create a page and maintain a page like this. Also, with exception of links to themselves, they should make sure there is no links to other websites. Those links are rightly dimly viewed as commercials and the Police favouring particular establishments. This is best avoided.

Advertisements

October 8, 2013

EU storing Telephone Records too …

Filed under: Uncategorized — ctrambler @ 6:57 am

The news world is just about getting calmer after the revelation that NSA capture basic information about telephone calls such as which number called which number, where, when and for how long. Before European get outraged, let us not  forget American are not the only one doing  that. EU is doing that as well.

How do I know? In an emotive case, UK police had just revealed that they are following up leads by combing telephone records. Definitely with the NSA saga in mind, the Detective Chief Inspector in charge said that this is not a  general trawl.  Unfortunately, as far as I am concern, if it quark like a duck, it is a duck.

Two big pieces of information here. One, at least the Portuguese is storing telephone records for more than the two years companies are required to store the records for financial/claims purpose. No offense to the Portuguese but they do not have one of the most well-funded technology country for storing records. If they are capable storing telephone records, we can infer that other countries, notably those in the EU, are doing the same.

Second, the justification here is it is a criminal investigation. That is a red herring. My proposition here is either we are fine with our telephone records being combed by authorities or not. For the record, I am fine with it. If we are going to allow the authority to  use criminal investigation as an excuse, then we are at the minimum consenting to allow our telephone records being stored. Why? Crime happens everywhere and cannot be predicted, so the only way telephone records can assist in criminal investigations is to put a dragnet, a.k.a. storing them, on all records and figure out which subset one wants to use later.  In reality we also accept that the authority can comb through the data whenever they want as it is the limit of current technology and resources  the reason why the records are not combed through for all reported crimes, and this limitation is being relaxed by the day.

So fellow netizen, mobile users and telephone users beware, your records are being combed through every day. The bigger the city you are living in, the more frequently your record is being inspected. Am I worried? Not really. Tesco probably know me better than me myself and I allow this to happen for a few penny. Police and other authority know me less than Tesco so why should I worry. Of course, perhaps after I hit “Publish” button, they will take the trouble of knowing me better than Tesco.

Create a free website or blog at WordPress.com.