Over the weekend, while hosting the largest intelligence leak in history, WikiLeaks was hit by a distributed denial of service attack. Someone, it seemed, was trying to silence the whistleblowing website.
Thanks to the internet’s flexible architecture, however, WikiLeaks was able to quickly shift its weight to Amazon.com’s Elastic Cloud Computing (EC2) servers, ensuring that the 250,000 leaked diplomatic cables remained online. Earlier today, reports circulated that Amazon had bowed to political pressure from US lawmakers and booted WikiLeaks off its servers. And yet, WikiLeaks remains online as I am writing this, having presumably moved to yet another cluster of servers.
WikiLeaks endurance illustrates why the internet’s decentralised nature has made it such a valuable platform for the dissemination of information. To attempt to take a site like WikiLeaks down is to engage in a pointless game of whack-a-mole; no matter how many times you shut the site down, it will always pop up again elsewhere. And yet, WikiLeaks and sites like it do have another point of vulnerability, one that is increasingly being targeted by governments: their web addresses or urls.
In order to visit WikiLeaks, most of us would point our browser to WikiLeaks.org. Unlike the internet itself, the administration of top-level domains – such as .org, .com, .net and .uk – is surprisingly centralised. The top-level domain name space, in which such domains reside, is managed by the Internet Corporation for Assigned Names and Numbers (Icann), a US-based non-profit organisation. Icann oversees the creation of new domains and assigns administration of these domains to various parties. The .com domain, for example, is administered by the American company VeriSign, while the .uk domain is administered by the UK non-profit, Nominet UK.
This centralisation of domains provides an attractive target for those seeking to silence free speech and dissent on the web. In the US, a group of senators has introduced a bill known as the Combating Online Infringement and Counterfeits Act (Coica) that aims to expand the American government’s power over domain names. If passed, the bill would allow the US government to shut down domains that are managed in the US (.com and .net domains, for example) and demand that American ISPs not connect users to domains administered elsewhere in the world.
As its name implies, Coica is being peddled as a solution for combating the sale of counterfeit goods online. However, if granted the ability to seize and censor domains at whim, one imagines that the American government might be tempted to use its newfound ability for other purposes – including suppressing sensitive documents like those made available by WikiLeaks.
If you’re wondering what this kind of seizure would look like in practice, you need look no further than this week’s news. This past Monday, in a show of force timed to coincide with “cyber Monday” – the year’s largest day for online shopping – the US department of homeland security seized some 82 domains, most of which belonged to sites trading in counterfeit goods. A few of the sites whose domains were seized, however, were not involved in counterfeiting. Two popular hip-hop websites – OnSmash.com and dajaz1.com – had their domains pulled due to accusations of copyright infringement. These sites, which hosted hip-hop mixtapes and which have been cited as contributing to the recent success of major-label recording artists like Kanye West, claim to have been in compliance with the law by responding to takedown notices received from record labels and other rightsholders. As of this writing, however, both sites still redirect to a stern warning notice from the department of homeland security. While the legality of these seizures in the absence of Coica is a matter of debate, the message sent by the US government is clear: despite the decentralised nature of the internet, web sites that run afoul of US policies are anything but invincible.
While it remains unclear what ramifications a piece of legislation like Coica would have for free speech, political dissent and the flow of information online, the US government’s ability to confiscate domains could certainly spell trouble for sites like WikiLeaks in the future. Some engineers aren’t taking any chances: in response to the cyber Monday seizures, a group of online activists has announced plans to create a decentralised – and therefore, censorship-resistant – domain name system, based on the popular BitTorrent file transfer protocol.
The game of whack-a-mole, it seems, continues unabated.
Mehan Jayasuriya, the director of outreach and new media for Public Knowledge, a Washington DC based, non-profit consumer advocacy group that fights for the rights of independent creators, innovators and Internet users.