Recently, a court issued a troubling set of rulings in a default decision
against "Israel.TV" and some other sites.
While the issue of domains being confiscated and being handed over to a
prevailing plaintiff for an international domain with no obvious nexus
to the United States by a United States court via orders to companies
that happen to be in the United States is a bit of a concerning issue,
that's not operationally relevant.
What's more concerning is that the ruling includes an expansive clause
B, "Against Internet Service Providers (ISPs):"
IT IS FURTHER ORDERED that all ISPs (including without
limitation those set forth in Exhibit B hereto) and any
other ISPs providing services in the United States shall
block access to the Website at any domain address known
today (including but not limited to those set forth in
Exhibit A hereto) or to be used in the future by the
Defendants ("Newly-Detected Websites") by any technological
means available on the ISPs' systems. The domain addresses
and any Newly-Detected Websites shall be channeled in such
a way that users will be unable to connect and/or use the
Website, and will be diverted by the ISPs' DNS servers
to a landing page operated and controlled by Plaintiffs
(the "Landing Page") which can be reached as follows:
This expansive clause basically demands that ISPs implement a
DNS override in recursors, which may be dubiously effective given
things such as DNSSEC and DNS-over-HTTPS complications. This is
not an insignificant amount of work to implement, and since they
have not limited the list to big players, that means us small guys
would need to do this too.
Perhaps more worrying is the clause "by any technological means
available," which seems like it could be opening the door to
mandatory DPI filtering of port 53 traffic, an expensive and dicey
proposition, or filtering at the CPE for those who run dnsmasq on
busybox based CPE, etc., etc.
This seems to be transferring the expense of complying to third
parties who had nothing to do with the pirate sites.
Complying with random court orders where there isn't even a formal
notice that there's been a court order is problematic. I would
guess that the 96 ISPs listed in the order are going to receive a
formal notice, but by what mechanism does the court think that a
small service provider would even be aware of such an order?
What happens with respect to the "Newly Detected Websites"? What
mechanism exists here?
Who is going to pay for the costs?
And how is this practical when this scales to hundreds or thousands
of such rulings?
It seems to me like the court overstepped here and issued a ruling
that contained a lot of wishful thinking that doesn't reflect the
ability of miscreants on the Internet to just rapidly register a new
domain name with a new fake credit card. Certainly it is trivial
to host the actual websites well out of legal reach of US courts,
and with domain registrars without US presence. This leaves those
of us in the network operations community in the position of
shouldering costs to comply with a court order, but without a clear
mechanism to continue to be in compliance. This could become a full
time job, if the defendants want to play the game right. "israel.tv"?
"1srael.tv" (with a "1" or "L" for the first letter, etc).
Is anybody here considering recovering compliance costs from the