Skip to main content
  • State of the Internet

Stopping illegal activity online – it’s more complicated than it seems

By Byron Holland
President and CEO

CIRA CEO shares viewpoint on the complicated nature of dealing with illegal online activity and the dangers of short-term solutions.

There was a compelling article in the Wall Street Journal (WSJ) the other day about ICANN and illegal online pharmacies. The result of a six-month investigation, the reporter, Jeff Elder, calls into question ICANN’s effectiveness in investigating complaints of suspected illegal activity on domain names it has a contractual relationship with.

Elder cites a recent incident where Interpol and the U.S. Food and Drug Administration tried to have 1,300 websites shut down because they were suspected of selling drugs without a prescription. Having no success with requests to the Chinese registrar take the sites down (even with a court order), the law enforcement agencies approached ICANN. While the original take-down requests were sent to the registrar in July 2014, as of earlier this month, ICANN had yet to take any action. This is just one example of law enforcement agencies expressing frustration with ICANN’s process to investigate, and ultimately act on requests to investigate illegal activity online.

While ICANN does not have any specific authority to police websites, it does have the authority, through its contractual relationships with registrars and registrants, to investigate suspected illegal activity. According to the individuals interviewed for the WSJ article, ICANN does not exercise this authority often enough. Elder references a statement from LegitScript, saying that, “of the 4,700 suspicious drug-selling websites that the officials have reported since February, about 4,000 stayed online after reports were filed to the sites’ registrars and ICANN.”

Given the international nature of the Internet – a website can be created in one country, hosted in another, on a domain name registered in yet a third, while selling a product in many jurisdictions – policing online activity is complicated. And without (fortunately!) a central authority to police the Internet, ICANN has been put in the unenviable position of investigating many of these complaints.

It’s worth pointing out that investigating suspected illegal activity is less of an issue for us at CIRA. While an individual can register a .CA domain name and keep their identity private, the same is not true for other entities. CIRA’s WHOIS policy stipulates that all non-individual registrants – corporations, not-for-profits, government departments, and so on – are unable to register a domain name without their registrant data made public. I believe this policy mitigates illegal activity, like that identified in Elder’s article, on .CA websites. A bad actor is not going to register a domain name to conduct illegal activity if their contact information is public and therefore easily accessible to law enforcement.

The article raises an interesting question – is it the responsibility of an organization like ICANN, or even a TLD registry like CIRA, to police content online? The case referenced in the WSJ article is one of a legitimate public health concern. However, similar requests could be made to ICANN regarding other content. Pornography is illegal in many parts of the world, as is content that is critical of certain governments. It’s conceivable that law enforcement agencies would request that content be taken down, just as Interpol and the FDA requested the online pharmacies be removed from the Internet.

Do we really want ICANN to take on the role of arbiter of the online world? I certainly don’t. The Internet is the greatest vehicle for free speech and creativity since the invention of the printing press; a gatekeeper to the Internet would unravel the tremendous benefits it has brought us over the past 20 years.

At CIRA, and at many other top-level domain registries around the world, we consider ourselves to be content agnostic. Our criteria for taking a website down are very narrow – we will only do so in three circumstances: if the website poses harm to children, is damaging to the domain name system, or if we are served a court order by law enforcement. We do not monitor .CA websites. We do, however, perform regular checks to ensure registrants are in compliance with the terms of the agreement they have with us. And, if we were to receive a court order demanding we take down a website that is part of an illegal activity, we would comply, just as we have done in the past.

Elder also draws the line between ICANN’s seeming inability to keep illegal pharmacies off the Web and the Internet Assigned Numbers Authority (IANA) oversight transition. Without transparency in addressing requests like the ones referenced in the article, how can ICANN be trusted without sufficient oversight, like that of the National Telecommunication and Information Administration (NTIA)? This is a bit of a stretch. As a party involved in both the IANA oversight transition and ICANN accountability discussions, if anything, ICANN will be held to a greater degree of accountability once the NTIA backs away from its current role.

The fact that the WSJ is critical of ICANN comes as no surprize. Articles and blogs from the newspaper have had a noticeable anti-ICANN bent for a few years now (and, I might add, have been ill-informed about these issues). An article from March 2014 about NTIA’s announcement stated, “Icann [sic] isn’t even ready to regulate itself.” A more recent article references ICANN’s plans to “hand control [of the Internet] over to governments,” and called on Congress to block the IANA oversight transition: “If Mr. Obama persists, Congress should block his plan with a simple message: The open Internet is too valuable to surrender.”

I’ve blogged about the media’s uninformed (and I would argue damaging) coverage of the IANA oversight transition, but in my opinion, the WSJ coverage reaches new levels of shortsightedness. It reminds me of a company making desperate efforts to bump up quarterly earnings at the expense of long-term, sustainable growth. By ignoring the larger issues the globalization of the IANA functions will address, the WSJ draws attention away from the important work we are doing to ensure a sustainable free and open Internet for all of the world’s citizens. Sadly, there are all too many people and organizations that will use this as fodder for their own political gain.

As the Internet continues to become a more ubiquitous part of the social and economic fabric of the globe’s citizens, tensions like the ones in Elder’s article will become more common. We are entering uncharted territory. Never before have all of the world’s cultures been so linked together, and issues that stem from fundamental political and philosophical differences, like pornography, free speech or differences in legal regimes will become more common and pronounced. However, we must resist the temptation to address these issues with short-term solutions instead of focusing on the long game.

If you are as interested in this topic as I am, there are many people and organizations working on solutions to these challenges. In particular, I encourage you to check out the work of Bertrand de LaChapelle at the Internet & Jurisdiction Project.

About the author
Byron Holland

Byron Holland (MBA, ICD.D) is the president and CEO of the Canadian Internet Registration Authority (CIRA), the national not-for-profit best known for managing the .CA domain and developing new cybersecurity, DNS, and registry services.

Byron is an expert in internet governance and a seasoned entrepreneur. Under Byron’s leadership, CIRA has become one of the leading ccTLDs in the world, with over 3 million domains under management. Over the past decade, he has represented CIRA internationally and held numerous leadership positions within ICANN. He currently sits on the Board of Directors for TORIX, and is a member of the nominations committee for ARIN. He lives in Ottawa with his wife, two sons, and their Australian shepherd, Marley.

The views expressed in this blog are Byron’s opinions on internet-related issues, and are not necessarily those of the organization.