GoDaddy, .CN, Malware & Freedom of Expression



The domain registrar GoDaddy testified before the U.S. Congressional-Executive Commission on China and stated that they would “discontinue offering new .CN domain names” citing concerns over an “increase in China’s surveillance and monitoring of the Internet activities of its citizens” and the “chilling effect” that the retroactive application of new requirements on .CN domain names would have.

CNNIC, which regulates the .CN ccTLD, introduced new requirements on registrations in December 2009, which many in the security community welcomed. .CN domain names are often used for malicious purposes. McAfee has listed .CN as one of the riskiest ccTLDs. MalwareURL.com and MalwareDomainList.com (two amazing malware/security resources) have collected numerous .CN domain names used to distribute malware. The AV company Kaspersky noted:

Over the last 3–4 years, China has become the leading source of malware. Chinese cybercriminals have shown themselves to be capable of creating such huge volumes of malware that over the last two years, antivirus companies have, without exception, put most of their effort into combating Chinese malware.

However, a lot of the malware activity coming from China exists because Eastern European criminal networks moved and are now abusing Chinese infrastructure, both .CN domains and IP addresses.

Sophos noted that the regulations were having an effect. There was a decrease in spam and Sophos attributed this to the new CNNIC regulations. Symantec noted that .CN registrations used for spam were down and .RU registrations had taken their place.

Others were unsure. StopBadWare noted that the 5-day grace period would leave enough time for the malicious use of .CN domain names. Many, including Isaac Mao, also raised privacy and freedom of expression issues, arguing that this was a crackdown on freedom of expression.

GoDaddy is now framing their decision to “discontinue offering new .CN domain names” as a freedom of expression issue. Back in 2004 I wrote about GoDaddy’s practice of denying access to its services from certain countries. Others have also had issues with GoDaddy regarding freedom of expression. In other cases, GoDaddy (among other registrars) has been criticized for being too slow to act.

So in trying to get an understanding of what’s going on, I found portions of GoDaddy’s testimony quite interesting. In particular, I’m interested in the emphasis on “Chinese nationals.”

On February 3, 2010, CNNIC announced that it would reopen .CN domain name registrations to overseas registrars. However, the stringent new identification and documentation procedures would remain in effect. CNNIC also announced an audit of all .CN domain name registrations currently held by Chinese nationals. Domain name registrars, including Go Daddy, were then instructed to obtain photo identification, business identification, and physical signed registration forms from all existing .CN domain name registrants who are Chinese nationals, and to provide copies of those documents to CNNIC. We were advised that domain names of registrants who did not register as required would no longer resolve. In other words, their domain names would no longer work.

Now, what I am unclear on is how the requirements affect non-Chinese nationals who are registering malware domains, pushing rogue antivirus, sending spam and all sorts of nasty things. These regulations seem to largely target Chinese nationals, not the nationals of other countries who may be using .CN domains for malicious purposes. GoDaddy concluded:

The intent of the new procedures appeared, to us, to be based on a desire by the Chinese authorities to exercise increased control over the subject matter of domain name registrations by Chinese nationals.

We believe that many of the current abuses of the Internet originating in China are due to a lack of enforcement against criminal activities by the Chinese government. Our experience has been that China is focused on using the Internet to monitor and control the legitimate activities of its citizens, rather than penalizing those who commit Internet-related crimes.

I’m having trouble evaluating GoDaddy’s newfound (to me anyway) commitment to freedom of expression. I do welcome it and I hope they are serious about it and demonstrate their commitment by joining the Global Network Initiative. But I’m hoping that they don’t confine their interest in freedom of expression solely to China but rather evaluate and assess freedom of expression and privacy across their business operations.

UPDATE:

WP: In response to new rules, GoDaddy to stop registering domain names in China
Dancho Danchev: “With CN/RU requirement for scanned IDs in order to register a domain, underground services are already monetizing the Photoshop-ing process.”
