An Open Letter To Namecheap: Why I Am Leaving You

Your decision to suspend the domain of The Daily Stormer, and the reasons given, are wholly unacceptable and cast serious doubts on your suitability as a registrar. As such I am transferring all domains I have with you away effective immediately.

Though I do not endorse the content of the website pointed to by that domain, your decision to suspend service is wholly unacceptable for several reasons:

Firstly, you claim that the content of the website pointed to by the domain is illegal due to inciting violence. Not only is the example quote you give laughable, it fails to consider that in many cases, advocating illegal activity is still protected speech under US law, as per Brandenburg vs. Ohio.

Secondly, even if the website in question is illegal, this does not make it appropriate for you to privately adjudicate on that matter. The question of legality is one for courts to make, and in the absence of a court order against you your obligation to act is nil. Your failure to consider the subtleties of US free speech case law and issues such as the potentially protected status even of speech which incites unlawful activity demonstrates your fundamental unsuitability and incompetence as an adjudicator on US law. As such you would be well advised to forego such amateur adjudication in the future and leave such rulings to the professionals in the courts. That you have elected to adjudicate privately and arbitrarily based on a personal interpretation of the law is in fact a far greater issue than the particular substance of whatever argument you make as to the illegality of a website. Even if you were incontrovertibly correct in your reasoning given (and you aren't) it would not make you an appropriate party to administer censorship and domain takedowns.

Thirdly, you fail to consider the limits of your demarcation and responsibility as a registrar of domain names. You do not host websites in your capacity as a registrar, nor even necessarily DNS zones. A domain name does not host a website. It points to a set of nameservers which serve a DNS zone which may map subdomains of that name to arbitrary information, potentially including IP addresses; those IP addresses may provide arbitrary services, potentially including web services. Such a DNS zone may also subdelegate subdomains to other entities.

It is quite simply not within the legitimate purview of a domain name registrar to consider the objects to which the target nameservers are put, let alone the services provided by machines to which the information served by those nameservers may in some way reference. Indeed, if you care to pay the slightest attention to the domain name registration system at large, you will note that dispute resolution mechanisms focus on ways in which the domain names themselves can be misconfigured (WHOIS data inaccuracy) or violate people's rights, such as trademarks. What is wholly unaccounted for by ICANN policy is the objects to which domain names are ultimately, indirectly purposed, or the information served by a domain name's nameservers, because it is quite simply none of the business of the registry, registrar or ICANN.

I would also note that you do not have the power to take down websites. What you have the power to do is to suspend domains. This is not the same thing; suspending a domain renders all services made available by means of that domain inaccessible. A given website may only be one of many such services. Since most nameservers nowadays deny zone transfer requests, you have no way of assessing reliably the breadth of services provided using a given domain name, and thus have no way of assessing reliably the collateral damage you may cause by virtue of such a suspension.

For example, many other websites could be hosted via other subdomains. The domain could host e. mail service, in which case your suspension of the domain compromises the integrity and reliability of the internet e. mail ecosystem and may actually prevent the damaged party from engaging in correspondence in relation to that very act of suspension (if they use an e. mail address at that domain).

It even, if conducted improperly, may compromise the privacy of incoming e. mail messages; for example, if the domain, upon suspension, is changed to point to a set of nameservers which in turn point to an IP address providing a “domain suspended” webpage, and that server also provides an SMTP service, MTAs will attempt to deliver to it by default in the absence of MX records. Said SMTP service might to arbitrary things with those messages, creating a huge number of data protection concerns. The suspension of a domain in this matter bears little difference, or, in fact, no difference at all to a man-in-the-middle attack, perpetrated by none other than one's own registrar.

Claiming the power to suspend domains arbitrarily is essentially claiming the power to engage in denial of service attacks against your customers on nothing more than your whim. Any and all of your customers, including the vast majority of them who no doubt oppose the viewpoints articulated by The Daily Stormer, should, without exception, be gravely concerned by the actions you have taken and the degree to which you have both exceeded and failed to understand your legitimate remit and its limits, and fear for their own domains registered with you as a result. It would, in my view, be rational for every single customer who relies on you for domain registration to transfer their domains away from you solely on the grounds of your handling of this case, and I will advocate fully and in detail against the use of your services in all cases and venues and amongst all of my acquaintances who welcome my opinions as to choosing a domain name registrar.

It also appears clear to me that you do not possess, nor even claim to possess, any theory of liability which compels you, in law or as a practical matter by fear of being found in some way additionally liable, having now been made aware of the nature of the website pointed to by the nameservers of dailystormer.com, to take action against this domain. I am aware of no law or case law of the US which has ever found a domain name registrar for the content of a website hosted by a server pointed to by an entry in a DNS zone served by a nameserver pointed to by a domain name which happens to be registered via means of a given registrar. Even if such law or case law were to come into being, it would strain belief for a registrar to be found so liable, rather than a registry, given that it is the registry that actually manages domain name registrations and hosts the nameservers for the TLD. In acting as domain name registrar you are little more than a glorified intermediary for the submission of WHOIS and nameserver information to the appropriate registry. Even in a parallel universe in which a theory of liability relating to domain registration was available, it would be exceptionally strange for the registrar to be fingered as the responsible party, instead of the registry which is the ultimate authority on the domains hosted under its TLD and which actually serves the TLD's zone file.

Your action constitutes a direct and extremely hazardous attack on the integrity, trustworthiness and reliability of the domain name system. You have, in this act, debased the domain name system by directly undermining its political neutrality. This, in turn, increases the likelihood and perceived acceptability of future suspensions on what are essentially political matters. It also creates or enhances the perception that domain suspensions are ever a reasonable or proportionate way of effecting the takedown of a website; but, as I have explained above, they are not, and such suspensions may cause arbitrarily large amounts of collateral damage in terms of infrastructural impact and service provision.

For a demonstration of just how unbounded the collateral damage a domain suspension can have, even a carefully planned one orchestrated by a leading technology company, I would invite you to consider the Microsoft no-ip.org debacle, in which Microsoft secured via legal means the seizure of the no-ip.org domain out of an objection under trademark law to one of its publically allocated subdomains. They intended that this seizure would have no impact to "innocent” domains, yet in practice this seizure caused extremely major collateral damage and was a major news story.

I would also, pursuant to the no-ip.org debacle, pose to you the prescient and extremely important question of how your policy of private adjudication on the acceptability of services pointed to by a domain name interacts with domain names who choose to subdelegate subdomains of those domain names to arbitrary members of the public. Examples of domains run in this manner include not only no-ip.org, but also domains like eu.org as well as domains like uk.com, a peculiar case of a second-level domain being commercially sublet.

If the uk.com registry held their registration of that domain with you, and The Daily Stormer registered dailystormer.uk.com, how would you react to this? Would you suspend the domain, interrupting service to innumerable “innocent” subdomains as well? Would you make demands of the uk.com registry? What would you do if they refused to comply with those demands? This are not rhetorical questions; either you have internally consistent and reassuring answers to all of these questions, or you do not. It is in fact imperative that you answer these questions if you are to retain the slightest credibility as a registrar going forward.

What about domains like eu.org, no-ip.org? Would you treat these domains less favourably in identical cases because those entities are smaller, because they have less clout? Or even because you do not quite so much fear being sued by them? More and more it feels like the domain name system is an unequal and capricious system in which the domain name google.com sleeps safe at night, but those not backed by the impressiveness and awe of a large multinational corporation are far more vulnerable to arbitrary action.

What about tor2web? The domain name onion.to can be used to access Tor hidden services, including The Daily Stormer, simply by taking an onion address and appending “.to”. This is automated; a Tor hidden service website becomes accessible via onion.to simply by virtue of being connected to the Tor network, without any action from the operators of onion.to. As such the operators of onion.to have little to no control over what material may manifest on subdomains of that domain. Given this, were onion.to registered with you, would you suspend that domain simply because The Daily Stormer can be accessed via it? Would you make demands of onion.to and how it operates its service, to try and make it prevent access to The Daily Stormer via its service? Or if you would not, why?

What distinguishes one case from another? On what principles here are you acting other than arbitrary action? One of the purposes of the law is that it is clear to all, being a matter of public record, and neutral. Absent legislator action, its scripture remains invariant against the tide of the controversy or moral panic of the day. In particular the courts, and especially common law courts, give substantial weight to how law has been enforced in the past, and the consistent and fair application of the law is thereby provided for. By comparison it is hard to see how your arbitrary decision, which is wholly void of due process, ties in to a clear set of invariant rules which provide for clear and predictable decisionmaking. Rather it is simply a cowardly response to a controversy of the moment.

Perhaps most depressingly of all, your action in arbitrarily suspending the domain name is no doubt the product not of principle, but of pressure laid upon you by an essentially fascist social mob who seeks to suppress speech with which they disagree. (That the speech they target is itself fascist is of no consequence; fascism does not justify fascism.) You perhaps think that in capitulating to this hysteria, you obtain positive PR for being seen to oppose neo-Nazis, or escape the risk of negative PR for being seen to be associated with such a website as The Daily Stormer. What you do not realise is that you destroy your credibility as a registrar in the process, which is a far greater threat to your business. You have publically announced that you stand for cowardice and decisions of cheap convenience, and now all of your customers and their vital, mission-critical infrastructure stand on those shoddy foundations.

And that is why I am leaving you as a registrar.

I presume — hope — that The Daily Stormer will eventually find a willing registrar, and whatever registrar that ends up being will increase its reputation a hundredfold in my eyes for that single act of principled courage. Alternately, you could reverse your decision and take the courageous path. I don't find it likely that you will, but it's never too late to do the right thing.

But it's all downhill from here. More and more pretexts, seemingly compelling at the time, will be found to interfere with the domain name system, both inside courts but even moreso outside of them. Censorship will occur. Collateral damage will occur. Domains will be suspended wrongly. The reliability of the domain name system as an infrastructural element of the internet will only decrease. As the frequency of suspensions and the diversity of reasons for them increase, the temptation to disrupt domain names for any particular reason will only increase, no matter the disproportionality and collateral damage of such methods. What a court will do once, a court will do twice; what a registrar arbitrarily does once, it will do many times.

(This is, of course, one of the reasons I participate in the Namecoin project.)

In taking this arbitrary action, you help establish this trend of death by a thousand cuts; you become part of the problem.

It could yet be stopped, if registrars such as you were to grow a spine and were to ardently maintain their apoliticality, decline to recognise responsibility for customer nameservers and the information they provide (let alone information provided by servers the information they provide points to), which as yet does not appear to me to be something mandated upon them by law, and thus is an abdication ripe for the maintaining. Instead they are inviting such legal interference; if even registrars insinuate themselves as responsible, why shouldn't legislators get in on the act and declare that it is so?