Be Careful in Choosing Internet Providers -- Will They Defend Your Privacy?

by Paul Alan Levy

  Public Citizen jumped into a case where a federal judge in San Francisco tried, albeit without success, to shut down the entire Wikileaks web site, based on a claim by a Swiss bank that among the leaked documents posted on Wikileaks were some highly sensitive documents revealing private customer information.  (Wikileaks "invites people to post leaked materials with the goal of discouraging 'unethical behavior' by corporations and governments."  A New York Times editorial denouncing the order is here).  The case raises very serious issues about the First Amendment and prior restraint, which deeply affects consumers.  It also affects groups like Public Citizen, which depends on access to leaked documents to better advocate for consumer safety and other rights.   A discussion of how leaked information can be used to protect consumers appears in the first few pages of our motion to intervene in the case.  Access to the affidavits described in the brief is here.

In our brief, though, we focused instead on the lack of “complete diversity”  because there are subjects of foreign states on both sides of the case -- the Swiss bank on one side, and on the other side a Swiss former employee who took the documents when he left the company and Wikileaks, many of whose members are abroad. In addition, we point out that the main cause of action on which the bank relied, section 17200 of the California Business and Professions Code, applies only to unfair or unlawful "business practices" and hence does not apply to completely non-commercial web sites like Wikileaks. Others, including the ACLU and EFF, and a coalition of media organizations, have filed briefs addressing the First Amendment issues.

There is another serious consumer issue here that has received too little attention.  The judge entered two separate orders.   Although we have no way of knowing what the judge would have done without a stipulation, the broadest of the orders in the case was entered as a permanent injunction, without any findings of wrongdoing or basis for the order, that was submitted to the judge by the plaintiffs with the agreement of Dynadot, the domain name registrar.  So far as I can tell, Dynadot simply rolled over, apparently to avoid having to defend against the relief that the bank was seeking.  And that, to my mind, poses a significant consumer issue concerning the extent to which Internet providers protect their customers’ rights, and the considerations for consumers in choosing their Internet providers.

What Dynadot Agreed

One of the orders simply enjoined Wikileaks from posting the bank's documents on the Internet.  A second order, however, compelled Dynadot, through which Wikileaks had registered the domain name wikileaks.org, to freeze the domain name wikileaks.org (so that it could not be moved to a different registrar) and disabled the name so that it could not refer to anything more than a blank page.  This permanent injunction, which was submitted with the consent of the domain name registrar, would if successful have prevented public access to ANY of the documents or comments on documents that appear on wikileaks.org.  (In fact, the order was unsuccessful because the foreign Wikileaks sites, which carry the same information, were unaffected).

Dynadot gave the judge a stipulation that got it dismissed from the case, saving it from further legal fees.  Attached to that stipulation was an order that Dynadot “disable” the domain name and prevent it from referring to anything more than a blank page.  Any judge receiving this stipulation and order would assume that Dynadot was agreeing to this order.

Should Dynadot Have Rolled Over So Easily?

This need not have been an expensive issue to fight.   Under two different lines of federal court cases, each well accepted in the Ninth Circuit, Dynadot was immune from liability for what its customers do with the domain names that they register, and it was up to Dynadot to raise that immunity.  (Although when I talked to Dynadot’s lawyer it was not clear that he was aware of the relevant cases).  It could also have pointed out, as we did in the brief that we filed yesterday, that the Court had no jurisdiction of the case.  We learn about the requirement of “complete diversity” in the first year of law school.

Wired recently carried a story quoting a press release from Dynadot in which it tries to avoid the calumny that it deserves from the Internet community.  Specifically, Dynadot claims that it never agreed to the part of the injunction that makes wikileaks.org refer to a blank page.

I called Dynadot’s lawyer in surprise; he articulated a tricky reading of the language of the stipulation showing that Dynadot did not agree to some parts of the order that was being attached for the judge to sign; in fact, he told me, Dynadot specifically told the judge orally that it was not agreeing to the order itself, and especially to the provision taking down the web site.  He said that this would appear in a transcript of the meeting with the judge.  But there is no transcript on the court’s PACER site open to the public.  Perhaps Dynadot can furnish one.

One may well feel sorry for a small domain name seller that got caught up in a huge case.  But one reason that Internet users go to companies like Dynadot is to preserve their privacy, and when that privacy gets challenged it would seem to be at least implicit in the mutual expectations of the parties to that relationship that the registrar will not simply roll over.  I want to be clear -- I assume that Dynadot's terms of service leave it free to do whatever it wants, so that, I rather expect, Wikileaks cannot sue them for rolling over (assuming that the Wikileaks community is itself coherent enough as an entity to sue anybody, itself a dubious proposition).  But the fact that Dynadot would not be liable doesn't mean that it should roll over.

Dynadot cannot unring the bell.  But one thing it could do is appear in court at the hearing on Friday morning and tell the judge what it wants to tell the world in its press release -- that it thinks the order against it was wrong, and that it wants that order revoked.

Consumers Beware in Choosing Internet Providers

When choosing an Internet Service Provider, a web site host, or a domain name registrar that promises privacy, Internet users should pay attention not just to the big print promises, and not just to the fine print in the Terms of Service, although that can be significant.  Consumers should try to get a line also on how fiercely a given provider fights for its customers’ rights.

For example, Greg Beck and I have been critical of Domains by Proxy and Go Daddy which are often, in our view, too quick to give up their customers’ privacy, or too quick to take down web sites in response to challenge.  See here, here, and here for example.  Their record sometimes improves in response to public criticism, and sometimes they backslide.

Right now, Dynadot deserves criticism, and consumers should consider whether to use it in the future.

Comments

So what ISPs do you know of that fight for the privacy rights of their customers?

Posted by: tde | Wednesday, February 27, 2008 at 03:31 PM

Which domain name registrars fight for the rights of their customers?

Which DNS operators?

Which hosting companies?

Which colocation facilities?

Posted by: Joshua Rubin | Monday, March 03, 2008 at 02:53 PM

Excellent!

Posted by: Steven Roussey | Wednesday, March 05, 2008 at 09:19 PM

Here's another for ya:
http://tinyurl.com/3bm8qh

A sex-cult guru suing a forum for discussing the fact that the public needs to be warned about people like him.

Posted by: Laurel | Monday, March 10, 2008 at 01:24 PM