Recent legal actions (Rustock, Coreflood and Kelihos, among others) resulting in disrupting or dismantling major criminal networks have involved seizures of domain names, DNS name server reconfiguration and transfers of domain name registrations as part of the takedown actions.
This thought paper [PDF, 449 KB] offers guidance for anyone who prepares an order that seeks to seize or take down domain names. Its purpose is to help preparers of legal or regulatory actions understand what information top level domain name (TLD) registration providers such as registries and registrars will need to respond promptly and effectively to a legal or regulatory order or action. The paper explains how information about a domain name is managed and by whom. In particular, it explains that a seizure typically affects three operational elements of the Internet name system domain name registration services, the domain name system (DNS) and WHOIS services and encourages preparers of legal or regulatory actions to consider each when they prepare documentation for a court action.
The thought paper has been prepared by ICANN’s Security team, its authors and contributors are technical and operational staff, not attorneys (although persons with legal expertise were consulted in the preparation of this document). We will have members from the Security team at the upcoming ICANN meeting in Costa Rica and look forward to discussing this with the community.