Thought Paper on Domain Seizures and Takedowns

by Dave Piscitello on March 8, 2012

Recent legal actions (Rustock, Coreflood and Kelihos, among others) resulting in disrupting or dismantling major criminal networks have involved seizures of domain names, DNS name server reconfiguration and transfers of domain name registrations as part of the takedown actions.

This thought paper [PDF, 449 KB] offers guidance for anyone who prepares an order that seeks to seize or take down domain names. Its purpose is to help preparers of legal or regulatory actions understand what information top level domain name (TLD) registration providers such as registries and registrars will need to respond promptly and effectively to a legal or regulatory order or action. The paper explains how information about a domain name is managed and by whom. In particular, it explains that a seizure typically affects three operational elements of the Internet name system ­ domain name registration services, the domain name system (DNS) and WHOIS services ­ and encourages preparers of legal or regulatory actions to consider each when they prepare documentation for a court action.

The thought paper has been prepared by ICANN’s Security team, its authors and contributors are technical and operational staff, not attorneys (although persons with legal expertise were consulted in the preparation of this document). We will have members from the Security team at the upcoming ICANN meeting in Costa Rica and look forward to discussing this with the community.

{ 18 comments… read them below or add one }

George Kirikos 03.08.12 at 10:51 am

No section on “due process” or mitigating collateral damage?

Anonymous 03.12.12 at 8:49 am

Guess we now know that the ICANN is all about government control. It just shows that they are not the interdependent body like we thought.

Matt 03.12.12 at 9:53 am

hahaha wow.

I’m glad this is covered at

Do you even know what you should be doing anymore? Most people don’t want ICANN involved in domain names and especially TLD moneygrabs.

Jeremy 03.12.12 at 10:26 am

time for us to start looking at ways to route around ICANN

LOL 03.12.12 at 10:42 am

Techdirt said it best:

“This is exactly the opposite of what ICANN should be doing if it believes in preserving the basic structure and principles of the internet. But given ICANN’s general incompetence, is it really any surprise that it’s ending up on the wrong side of this issue, too?”

Steven 03.12.12 at 10:53 am

The publishing of this paper is shameful.

Richard 03.12.12 at 10:53 am

So were you lying then when you made this statement?

“”ICANN cannot comply with any order requiring it to suspend or place a client hold on or any specific domain name because ICANN does not have either the ability or the authority to do so. Only the Internet registrar with whom the registrant has a contractual relationship – and in certain instances the Internet registry – can suspend an individual domain name.””

M. Slonecker 03.12.12 at 12:07 pm

A thoughtful paper that deserves to be read so that a greater appreciation is obtained concerning the domain name system and the impact on it in matters pertaining to truncating a site.

WORK FROM HOME INTERNET 03.13.12 at 3:19 am

Non-profit releases paper explaining considerations and parties involved with domain seizures. Citing increased domain seizures and take downs due to criminal activity, the ICANN Security Team has released a paper explaining the process and considerations for complainants when trying to take down a domain name.

Lutz Donnerhacke 03.13.12 at 4:25 am

Hi Dave,

I’m shocked about you paper. What the hell is the reason behind drafting such a collection of (at least) misleading forms?

Your wording in the preface is completely irrelevant: It will be ignored. The only thing pushed into the brains of law enforcement and politics is the simple message: ICANN is willing to support all your needs. Fill those forms. No further questions asked.

For technical people the paper might be not directly wrong, but it is a political nightmare. By fulfilling your technically motivated desire to automate repeating tasks, you did implement the wrong solution.

ICANN has the obligation to protect the Internet by maintaining stable and secure provisioning of basic ressources. This is the main task ICANN has to fulfill due by various contracts, especially the §3 of the Articles of Incorporation as well as §3(b) of the Affirmation of Commitments.

Your paper draws the wrong solution, because it ignores this basic principle and opens the road to rank indiviual interests higher than the public interest in a single common Internet.

Given the political implications, your paper is a direct violation of §5(b) and §5(c) of the Articles of Incorporation as well as §4 of the Affirmation of Commitments.

Please let me quote from the legal document mentioned last:

To ensure that its decisions are in the public interest, and not just the interests of a particular set of stakeholders, ICANN commits to perform and publish analyses of the positive and negative effects of its decisions on the public, including any financial impact on the public, and the positive or negative impact (if any) on the systemic security, stability and resiliency of the DNS.

Your paper causes a strong impact to the creditability of ICANN.


Joe 03.13.12 at 8:56 am

The recent ICANN domain seizure and takedown paper simply reflects the reality that ICANN *is* subject to American law. If a court of
competent jurisdiction issues a valid court order to ICANN, ICANN,
just like any other corporation, MUST comply or they will face
contempt of court charges.

The recent draft document isn’t really anything novel. Pretty much
every ISP of non-trivial size has documentation explaining how
and to whom court orders should be sent, and what is and isn’t
technically possible when it comes to responding to such orders.
It’s a “FAQ,” albeit one that’s targeted at dealing with processing
of court orders rather than some technical topic.

It doesn’t represent capitulation to “the man” or surrender of any
customer rights to due process, it simply represents an attempt to
avoid everyone wasting ICANN’s time (and money) verbally
explaining the same basic material time after time after time, to
one prosecutor or investigator after another.

In the ideal world, there would be no cyber crime, there would be
no court orders, and corporations wouldn’t have to devote time
and effort to complying with those court orders. Until that sort of
utopia arises, ICANN should do what it can to carefully process
court orders according to well established — and *WELL
DOCUMENTED* — procedures.

I want ICANN to be transparent in what it does, including how it
handles court orders, and that’s precisely what the recent draft
document does.

I applaud ICANN for issuing this document, and would encourage
ICANN to also issue a quarterly or yearly summary of court
orders received, unless the court orders are received under seal
and cannot be revealed.

Rod Rasmusen 03.13.12 at 12:50 pm

This is an extremely useful document for law enforcement, officers o the court, private actors, and anyone who wishes to make a request to suspend or “seize” a domain name. There have been many high-profile “mistakes” made by law enforcement and others of late that have led to the incorrect suspension of domain names. There have been continual cases of the intent of an action (suspension of a domain so a criminal cannot use it) that have not been met, as domains are often deleted in this process, allowing the criminal to simply re-register it immediately. This guide can help ensure that actions around abusive domains get the intended results without causing harm to others. Law enforcement usually does not have the technical proficiency to fine-tune requests in situations that involve complex systems with wide-spanning consequences – whether that’s a domain name or a high-tech device. Providing guidance for being precise in what is requested and who it is requested of (whether it’s a registrar or registry) is vitally important to allow law enforcement, prosecutors, judges, and others to do their jobs appropriately and without harm to the greater community.

I would also note that several comments to this article seemed to have missed the intent of the piece, and that’s a shame. I would encourage people to fully read the document and note that it points out that the normal recipient of orders or requests is a domain registrar or registry – not ICANN. An order that comes in from a judge saying, “suspend this domain” can be interpreted in a huge variety of ways – this document simply tries to assist the court or whoever is making a request to be more precise, and should be invaluable to help get things done right, and avoid some of the very bad effects we’ve seen with some court sanctioned take-downs that have done harm to other innocent parties (

Elgin 03.13.12 at 4:55 pm

Looks like many readers of this article misinterpreted its purpose and intent. The paper is not an endorsement of seizures, and has nothing to do with ICANN being a party to such. It merely acknowledges that court orders are issued regarding domain names, and that people issuing those orders need to understand how domain names and DNS work so they don’t get things wrong and cause collateral damage. Seizures happen for all types of property, and the paper addresses those that happen with due process under law, involving a court. (I don’t see anyone complaining about seizing a drug dealer’s car…)

Franck 03.13.12 at 6:24 pm

Seems a balanced document.

This document does not encourage nor discourage take downs, it just says, if you want to do it, here is the information to provide to have the request considered in a timely manner.

I always argued that people get frustrated because they are barking at the wrong tree. This will help normalize the process and hopefully avoid silly things like SOPA.

Don Blumenthal 03.15.12 at 9:50 pm

I used to be in Internet law enforcement and now work for a registry. A document like this one is long overdue. As much as it might be nice to pretend that criminals aren’t on the Internet, it’s pure fantasy. Takedowns happens all over the world (despite the fact that it seems fashionable to blame all ills on US law enforcement), and this paper will in fact assist in safeguarding rights by helping to minimize errors in takedown processes and paperwork.

As has been said, it’s too bad that some critics of this paper didn’t really read it. The document is not an ICANN piece. Even if it were, suggestions that it violates ICANN precepts or rules are nonsense. To the writer who cited the AoC, do you really think that the US Department of Commerce would have a problem with a paper that facilitated cooperation between registrars/registries and law enforcement?

Cezev Dimitis 03.24.12 at 12:39 am

It’s plainly clear from some of the comments that folks are reacting to the title and haven’t actually read the paper. Another helpful guide for people who will read without prejudice or speculation is:

A guide for judges, prosecutors, police and lawyers

Michael Froomkin 03.29.12 at 8:56 am

I look forward to ICANN’s companion paper with equally careful advice for registrants of legitimate domains who have them erroneously subjected to actions via the UDRP.

carl 04.02.12 at 1:26 pm

Good article that explains why seizures are different than vigilantism. Warning. It uses big words and requires that you read it carefully :-)

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image