We’ve all seen an occasional cop show on TV. There is often this character who is absolutely certain of how they ‘got the guy’. The would-be hero cuts corners and kicks in the door — on some absolutely innocent old lady. The scene ends with the cowboy acting sheepish and their more sensible partner having to apologize profusely but ineffectively. We’ve all seen that scene on TV, right? And we all know that the more absolutely certain the gung-ho cop is of their moral imperative, the more likely the partner is going to wind up apologizing before the commercial break.
Well, it seems we have now seen a real-life high-tech version of just the same thing. With much fanfare, Immigration and Customs Enforcement (ICE), the part of the Department of Homeland Security (DHS) charged with federal action on child pornography, announced that it had seized ten domain names of sites accused of containing child pornography. The domains were ‘seized’ by using a court order to force the domain registrar to change the record of the owner to the federal government. Once it had ownership, ICE had the Domain Name System (DNS) direct the domains elsewhere.
However, in this case it backfired. What happened was that roughly 84,000 owners of small web sites and blogs saw that their sites now pointed to a single page with a stern announcement that the site had been seized by the federal government for hosting child pornography, plus a warning to the visitor of the severe criminal punishment possible for people who visited sites like these. None of these sites were very big, but the smaller the site, the more likely that the visitors are friends, family, co-workers, and close business associates: exactly the people anyone would be most horrified to have see an accusation that they were a child pornographer.
What apparently went wrong was that the plan to seize the domain at the registry level did not account for sub-domains. What are sub-domains? They are a way of organizing a large web site. Any time you see a name and a dot before the main domain name, it is some form of sub-domain.
To see how this can cause problems, it is best to use an example. The commercial side of the wordpress.org open source blogging software is called wordpress.com. At wordpress.com (and other low-cost hosting sites like blogger.com) they will offer anybody free hosting of their blog in the hope of later selling them premium extra services. The free blogs are all in the form of (subdomain).wordpress.com. For example, thegreenhorns.wordpress.com is a start-up micro-farmer organization. But there is no registration for thegreenhorns.wordpress.com – only one for wordpress.com. It is the servers at wordpress.com that route the request for thegreenhorns.wordpress.com to the right site on their servers.
Among the sites of concern to ICE was a sub-domain at mooo.com. Apparently, among the 84,000 or so mooo.com users was one that ICE believed needed to be shut down. I will trust that belief was sincere, just like our overeager cop-show hero is sincere. But there is no registry for sub-domains, only domains. ICE couldn’t seize (childporn).mooo.com; it could only force the registrar to change the entry for mooo.com. That meant that ALL of the sub-domains were sent to the federal page with the child pornography shutdown notice.
The mistake was discovered and corrected. However, because of the time it takes for a DNS change to get passed around everywhere, some places would still be seeing the child porn notice a full day later.
The idea of going after a domain at the registrar level is attractive to law enforcement because it prevents the site owner from simply switching from one server to another faster than the servers can be shut down. But in a case like mooo.com, where thousands of innocent sites share the domain, the individuals involved have to be specifically targeted for shutdown.
However, the presence of sub-domains does not automatically mean separate entities. Many sites use sub-domains for internal organization. For example, mail.google.com and maps.google.com and news.google.com are all part of google.com. This means that it takes researching the details before action. Remember, they weren’t trying to shut down thousands of web sites. They were trying to shut down ten. The extra effort to really understand those ten sites before figuratively kicking in the door would have avoided embarrassment.
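The kind of scope check described above can be sketched in a few lines. This is an added example, not code from ICE or from any registrar; the domain lists, the host names other than the ones quoted in this article, and the function names are all constructed for illustration.

```python
# Added example: what would a registry-level change for one host name affect?
# SHARED_PARENTS is a constructed list based on this article's examples; in
# practice, deciding that a domain hosts unrelated tenants takes research.
SHARED_PARENTS = {"mooo.com", "wordpress.com", "blogger.com"}
REGISTERED = SHARED_PARENTS | {"google.com"}  # stand-in for registry entries

# Constructed sample of host names known to be in use.
SAMPLE_HOSTS = [
    "target.mooo.com",              # hypothetical host under investigation
    "familyblog.mooo.com",          # hypothetical unrelated tenant
    "smallshop.mooo.com",           # hypothetical unrelated tenant
    "thegreenhorns.wordpress.com",
    "mail.google.com",
    "maps.google.com",
]

def normalize(hostname):
    return hostname.lower().rstrip(".")

def registered_parent(hostname):
    """Return the registered domain a host name falls under, or None."""
    labels = normalize(hostname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in REGISTERED:
            return candidate
    return None

def seizure_scope(target, known_hosts):
    """Describe what changing the registry entry for target's parent affects."""
    parent = registered_parent(target)
    if parent is None:
        raise ValueError(f"no registered domain found for {target!r}")
    affected = sorted(normalize(h) for h in known_hosts
                      if registered_parent(h) == parent)
    # Other hosts only count as collateral when the parent hosts unrelated
    # tenants; sub-domains of a single organization belong to one entity.
    others = [h for h in affected if h != normalize(target)]
    collateral = others if parent in SHARED_PARENTS else []
    return {
        "registry_entry": parent,
        "affected": affected,
        "collateral": collateral,
        "safe_at_registry_level": not collateral,
    }

if __name__ == "__main__":
    print(seizure_scope("target.mooo.com", SAMPLE_HOSTS))
```

Run against the constructed sample, the mooo.com target reports two unrelated hosts as collateral, while a google.com host reports none because its sub-domains belong to one organization.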
But the real corner-cutting may be in making a big deal about shutting down ten sites. There are a lot more than ten people who will continue to make other sites until caught. Discovering, capturing, and convicting the people behind the conduct is more worthy of an ICE press announcement.