Senator Wants Answers from DHS Over Domain Name Seizures

Sen. Ron Wyden (D-Oregon) said Friday he would demand answers from the Department of Homeland Security about its domain seizure program known as Operation in Our Sites after it was revealed that the government kept a hip-hop music review site’s name for a year without affording the owner a chance to challenge the seizure.

Wyden also wants to know why there was no court record of the case, other than the initial seizure filing a year ago.

“I expect the administration will be receiving a series of FOIA [Freedom of Information Act] requests from our office and that the senator will have very pointed questions with regard to how the administration chooses to target the sites that it does,” said Jennifer Hoelzer, a Wyden spokeswoman. She said the senator was “particularly interested in learning how many secret dockets exist for copyright cases. There doesn’t seem to be an obvious precedent or explanation for that.”

Wyden’s interest comes a day after federal authorities returned the domain name, which was back online greeting visitors Friday with a powerful message about proposed web-censorship legislation that expands the government — and copyright holders — power to shutter and cripple sites suspected of copyright infringement.

The federal government already has the power to seize web domains under the same forfeiture laws used to seize property like houses, cars and boats allegedly tied to illegal activity such as drug running. A year ago, it started invoking that law against sites marketing and trafficking in counterfeit goods, unauthorized sports streaming and unauthorized music — seizing more than 350 domain names in all.

One of those sites caught in that crackdown (.pdf) was Operation in Our Sites, run by the Department of Homeland Security, accused the site of allowing its users to download pre-release music. But as it turns out, some of that music was sent to the popular blog by the artists or labels.

The site’s homepage on Friday was dominated by a video pointing to alarming legislation known as the Protect IP Act — which is stalled in a procedural muck — that a Senate committee passed months ago basically giving copyright owners the right to shutter websites believed to be dedicated to infringing activities. Judicial oversight is not needed. In a recent editorial, we spoke about such dangers that this and a similar proposed House measure are ripe for abuse. After all, if the movie industry had its way, the VCR would have been outlawed.

Techdirt disclosed Thursday that for a year, the government refused to allow the site’s owner, who goes by the moniker Splash, to challenge the November 2010 seizure of the domain name by the Immigration and Customs Enforcement office, which is a branch of DHS. The only publicly available court record regarding the seizure was the initial filing of a court order a year ago. Everything else was sealed — invisible to Splash, his lawyer, the public and the press. On Thursday, the site was returned to the owner of the Queens, New York-based site with the only explanation being that forfeiture was unwarranted.

ICE’s complaint against the site listed four songs that the site allegedly linked to in violation of copyright law. Three of them were e-mailed to Splash by record executives associated with labels that belong to the Recording Industry Association of America, which helped create the complaint.

“It’s not my fault if someone at a record label is sending me the song,” Splash told The New York Times last year.

His attorney, Andrew Bridges of San Francisco, said in a telephone interview Friday that the issue underscores that “powerful corporate copyright interests have taken advantage  of the post 9-11 era to obtain the services of Homeland Security to enforce commercial interests.”

The Immigrations and Customs Enforcement’s public response to keeping Splash’s property for a year, without due process, boils down to a belief that it’s acceptable collateral damage:

Operation In Our Sites utilized the civil forfeiture statute provided by Congress for intellectual property theft to seize domain names of 350 separate websites engaged in copyright or trademark violations. In each instance, ICE, working with our partners at the Department of Justice, demonstrated the requisite probable cause to a federal magistrate judge to justify the seizure of the website. This process is the same that federal law enforcement uses for seizures of all types. During the subsequent forfeiture process, law enforcement continued not only to investigate potential criminal wrongdoing, but to objectively consider all applicable evidence resulting from the ongoing investigation. The goal of every law enforcement operation is to ensure a just result. In the case of this domain name — out of 350 seized — the government concluded that the appropriate and just result was to decline to pursue judicial forfeiture.

It just seems wrong that the United States would seize somebody’s property without affording any opportunity for a challenge — and ICE has tried to say that sites can fight back.

The Justice Department told Wyden in May that the Operation in Our Sites would indeed allow targets an opportunity to challenge the seizure. The only known challenge so far to Operation in Our Sites was by  the Spanish site Rojadirecta, which prevailed on First Amendment grounds Wednesday.

“Property owners are are entitled to challenge the forfeiture of their property, in which case the government would be required to demonstrate the basis for forfeiture by a preponderance of the evidence,” Ronald Weich, an assistant attorney general, wrote (.pdf) Wyden in May. “Even where the government can demonstrate that property was used to commit a criminal offense, an innocent owner who was unaware of the criminal activity, or who took reasonable measures to notify law enforcement upon learning of the criminal conduct, may nevertheless avoid forfeiture.”

The seizure was based on an investigation from the RIAA, which said in a statement that for the 18 months before the site was seized, “nearly 2,300 recordings linked to the site were removed from various file-sharing services.”

“We are aware of statements by the site operator that suggest that music companies themselves were the source of at least some of the thousands of recordings available on Dajaz1. Even assuming this to be accurate, it does not excuse the thousands of other pre-release tracks also made available which were neither authorized for commercial distribution nor for uploading to publicly accessible sites where they were readily downloadable for free,” the RIAA said in a statement.

Apparently the RIAA is none too happy about the site being given back, and suggested it was returned for “technical issues.”

“If the site continues to operate in an illegal manner,” the RIAA said in a statement, “we will consider all our legal options to prevent further damage to the music community.”

Photo of Ron Wyden: Charles Dharapak/AP

Occupy DC Prepares for Its Valley Forge

James runs intake at the Occupy DC encampment, making sure newcomers know the rules.

WASHINGTON — “If this is the revolution, this is our Valley Forge,” said a doughy, middle-aged man with frazzled long brown hair.

I was shivering when we spoke at 7:30 a.m. Thursday morning — as I had been shivering for the seven previous hours. Arriving about midnight on Wednesday, I’d missed the day of cold rain that had left the Occupy DC camp somewhere between damp and drenched. Without a sleeping bag or pad (both lost in a police action a few days earlier) and in 35-degree weather, I settled into a soggy upholstered chair under a mostly dry blanket. The loose weave welcomed the wind that whipped through our flimsy yurt on the barren granite and marble of Freedom Plaza along Pennsylvania Avenue.


A fellow camper, whose tent had collapsed in the rain, was wandering the plaza in only a hospital gown and blanket that morning. He’d just returned from emergency treatment for hypothermia, and all his clothes were still wet. Scott, a volunteer from southern Maryland who describes himself as an outdoorsman, had gotten the man on a bus to the hospital the night before and also tended another man in the early stages of hypothermia.

“Last night was only a mild case of what they have coming,” Scott said. “I don’t think a lot of people are prepared to be in the elements.” Scott would know. He spends nearly every night, every season (except during rain) in a hammock outside his parents’ house. (Like many people at the camp, he lives with family and describes himself as “disabled.”)

Whether the National Park Service intends to or not, it’s refusal to try to evict the protestors is calling the Occupiers’ bluff that they will survive the winter and indefinitely beyond. The fate of the DC occupations — it has two, not always amicable, camps — is growing more important as they attract a diaspora from cleared encampments around the country.

And the situation is growing crucial as many earnest, but unfocused, activists try to get their shit together. A general assembly can dicker and drift about visions and policy goals. But, it can’t space out on winter survival.

‘Hacktivity 2011′ Keynote Examines 25 Years of Malware

In September, I had the pleasure of giving the keynote speech at “Hacktivity 2011″ in Budapest, Hungary. I was very excited to see the large audience, about 1,000 visitors, among them very serious and well-known security professionals, instructors, and security enthusiasts. It was also exciting for me because I made the presentation in my native Hungarian. I very much enjoyed the conference and was able to meet a lot of talented young security researchers.

The presentation was translated during the talk and the speech is also available in English. Do not be surprised by the fact that the introduction will be made by a male voice, followed by several translators in real time who had to put complex security terms in plain English, while I talked very fast!

The presentation covers several important developments and the history of the last 25 years of computer malware. It has been an exiting journey for me to dedicate a large part of my life to the problems of computer threats. The presentation also details industry control system attacks, their history, Stuxnet, and recent interesting fake AV and rootkit developments. Many of the techniques were not publicly discussed prior to my talk. Enjoy!

The English version:

And for those of you who would like to listen in Hungarian, the talk is available here:

Hacktivity 2011 – Szőr Péter: Küzdelem a kártékony kódok ellen