Cybersecurity

The .IR, .KP and .SY Domains Are "Safe"

By Paul Rosenzweig
Friday, November 14, 2014, 1:21 PM

A couple of months ago, I noted an interesting law suit brought by several victims of terrorist attacks. They had secured default money judgments against Iran, North Korea and Syria for those country’s alleged complicity in supporting terror and their own resulting injuries. Sadly, for the victims, none of these countries had assets subject to American jurisdiction that could be attached to satisfy the judgments they had secured.

So they came up with the novel idea of seeking to attach the domain names for these countries – the .IR, .KP and .SY country code top level domains (ccTLDs) that identify sub domains associated with those countries. ccTLDs are managed by in-country domain managers – like the Iranian ministry of interior.

To effectuate the seizure the plaintiffs brought an action in the District Court in Washington DC to compel the Internet Corporation for the Assignment of Names and Numbers (ICANN) to reassign the top level domains from their current administrators (all of whom are resident in their own countries) to the plaintiff/victims. In other words, they wanted ICANN to order that future inquires about sub domains within, say, the .KP domain be directed to servers they operated, instead of a domain registry operated by the current North Korean domain manager. This would, in the end, require ICANN to order that the “root zone” – that is the authoritative listing of all top-level domain managers -- be modified. As I originally noted, though I have immense sympathy for the victims of terror, their focus on seizing the domain names from the ICANN seemed misplaced, and threatened to do a great deal of harm to the universality principle that underlies network connectivity.

Well, the case has now been resolved. Judge Lambreth of the District Court has rejected the writs of attachment. He reasoned, quite narrowly, that top level domains are “property” in some sense but that their use and value is “inextricably bound to” and “cannot be conceptualized apart from” the way in which they are managed – that is that the domain does not really exist apart from the services that are provided by the domain manager, and the remainder of the DNS service function. Put another way, an address doesn’t exist apart from the service of an address book and delivery system. That seems right to me – and since the general rule (which I happily have now learned for the first time) is that services are not attachable or seizable, the result follows directly.

Thus, the law of attachment and seizure is, fortunately, in sync with the broader policy goal of fostering a universal and open internet. That goal would have been greatly damaged by the intervention of US courts in to the country-code naming process.