By Davis Doherty
GoDaddy Follows Google out of China
On March 25, the Washington Post reported that GoDaddy.com would cease registering Chinese domain names in response to intrusive new regulations. The leading Internet registrar’s decision was spurred by concerns that the rules, requiring registrants to provide extensive personal information and photos, would strengthen China’s ability to censor its citizens. CNET reports that GoDaddy has also been the subject of an increasing number of cyber attacks based in China. Reuters provides analysis connecting GoDaddy’s move to Google’s decision to relocate its search services to Hong Kong.
The “Hot News” Doctrine — Not Dead Yet
The Citizen Media Law Project (“CMLP”) blog reports that a recent decision in the District Court for the Southern District of New York, Barclays Capital Inc. v. TheFlyOnTheWall.com, 06 Civ. 4908 (S.D.N.Y. Mar. 18, 2010), may revive the flagging “hot news” doctrine. That doctrine, based on unfair competition laws, provides some protection against copying of time-sensitive facts that are uncopyrightable. TheFlyOnTheWall.com fell afoul of the rule by including the plaintiffs’ stock recommendations in real time on its financial newsfeed, and under the court’s ruling must now delay publication of that information by several hours. CMLP discusses the possibility that the court’s reasoning may apply to news aggregators, but ultimately argues that the ruling will not apply to such websites.
On March 24, computer security specialists released a research paper suggesting that Certificate Authorities (“CAs”) may be assisting government efforts to spy on encrypted communications. The Electronic Frontier Foundation analyzes the report and extensively discusses CAs — a collection of over 100 companies and governments who provide electronic certificates for secure websites such as Gmail and Bank of America. These certificates verify that no third party is impersonating either end of the communication in a “man-in-the-middle” attack, an approach that would bypass the encryption normally protecting the user’s data against interception. Since web browsers only check whether a certificate issuer is on the trusted list, one CA could provide false certificates that would enable attacks at any secure site.
Wired’s Threat Level reports that Arizona company Packet Forensics manufactures hardware to automate this sort of attack, suggesting that false certificates may indeed be available. Commentators are also concerned that some CAs may be particularly vulnerable to governmental pressure to issue forged certificates, which could then be used to spy on dissidents or steal intellectual property.