|VeriSign's proposed com/net Anti-Abuse Policy lacks due process|
VeriSign just submitted a proposed "anti-abuse" policy for com/net domains, see:
If adopted as proposed, it does not provide any due process protections to domain name registrants. VeriSign would become the judge, jury and executioner, able to suspend or delete domain names that are allegedly "abusive".
VeriSign even recognizes that legitimate domain names will be affected. To attempt to mitigate these "false positives", VeriSign proposes that legitimate registrants would only be able to protest *after* VeriSign has already taken action. Such action would have already damaged the innocent registrants and their users.
This is counter to the domain name registrants' rights to due process. Instead, VeriSign should be compelled to prove the alleged abuse in an appropriate legal forum (e.g. a court), where the registrants can face their accuser, before being allowed to suspend or delete a domain name.
Potentially this is very bad. Your site could get hacked. Or maybe you have user-generated content. I'm sure Yahoo and Google host "malware" on their sites, at least on some pages. They might get the benefit of the doubt from VeriSign, but certainly smaller registrants won't. It'll be "shoot first and ask questions later" for the small registrants.
And malware scanning can generate "false positives", e.g.
Instead of simply being blocked by Google in the above instance of a false positive, the site could disappear completely if VeriSign is given this new power.
While VeriSign focuses on "malware" in their proposal, note carefully the broad language in the policy, which would include scenarios, for example, " to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;"
The topic of takedowns at the "request of law enforcement" (without any court order or trial) has obviously been very controversial in the past. VeriSign doesn't even specify valid jurisdictions that they'll consider applicable. Would the Chinese or Iranian police/governments be able to take down a domain name owned by an American registrant, that is hosted in the UK?
You can submit comments to ICANN at email@example.com and view comments by others at:
To followup, the proposal has now been withdrawn:
after much public outcry.
Thankyou for your vigilance GeorgeK :)
I wouldn't trust verisign to tell me my "nick" here..and still less to walk my dog.
What's the betting that it will be back, probably under some other guise, within months?