Kentucky court persists in error
« previous post | next post »
Three weeks ago I wrote about the state of Kentucky's attempt to seize the domain names of internet gambling sites using a statute that authorizes the seizure of "gambling devices', pointing out that the belief that domain names are gambling devices is bizarre. The court has now held an adversarial hearing on the matter and has issued a decision confirming its ex parte order. Most of the opinion is devoted to other issues, such as the question of whether domain names are property and whether the Kentucky court has jurisdiction, but the question of whether domain names are "gambling devices" as defined in the statute is briefly addressed at pp. 22-25.
It isn't easy for me to analyze the court's argument on this point because I'm not sure that I understand it. A major component of the court's error appears to be the mistaken belief that domain names are analogous to the keys to a building. This is of course false: the true analogy is that a domain name is an alias for the address of a building, as I explained in my previous post. Even if the court's analogy were valid, domain names would still not be gambling devices: they would be analogous to the keys to the casino, not the slot machines and roulette wheels whose seizure the statute authorizes.
A second component of the court's decision is the view that the statute need not be interpreted literally, that what is important is its spirit, not the letter of the law. While one can certainly agree with this sentiment as a view of what constitutes justice, it is a dubious principle of legal interpretation. In any case, even if one admits such a principle, the question arises as to how far from the literal interpretation one may go. In my opinion, treating a domain name as a device is too great a stretch.
Finally, the court appears to address the argument that the statute requires that for a device to be seized it must be a "gambling device", that is, a device specifically designed for gambling. As I pointed out in my previous post, domain names are not designed specifically for gambling anymore than computers are, in contrast to the machines at which the statute is clearly aimed, such as slot machines. If I understand the court's argument, it is that the specific domain names chosen by the gambling sites are designed for gambling, e.g. that if a casino chooses a domain name like "texasholdem.com", that domain name refers to gambling and is intended to attract clients interested in playing poker. In other words, the court takes the design requirement to apply not to the class of devices but to individual devices. That is not how I would read it, but it may be a valid interpretation.
In sum, while the court gives a colorable argument that the domain names satisfy the statute's requirement that the seized devices be designed for gambling, it fails to give a satisfactory argument that domain names are devices of any sort.
Theodore said,
October 21, 2008 @ 5:47 pm
Right from the start, the court's decision is nonsensical. The defendants in the case are "141 Internet domain names". Not the owners of those names, but the names themselves?!? How can an abstraction be the defendant?
Brandon said,
October 21, 2008 @ 5:57 pm
I'm confused, are they deciding against defendants that own these domains and live in Kentucky? Or perhaps the servers hosting the websites that are using these domains situated in the bluegrass state? In any case I find it hard to believe that there is a way to nail down a website domain name as being in the jurisdiction of any state court, or even a national court, provided that it is a ".com" and not a ".us."
Then again I'm one of those crazy young kids who likes to pretend the internet is international waters.
Bryn LaFollette said,
October 21, 2008 @ 6:47 pm
I can't fathom how an argument for a name itself being reasoned to be "designed" to be used for gambling could be any more clear-cut than the argument that any other thing associated with the business of gambling would be. I mean, where do you draw the line? Would this mean that they have they believe that they have the authority to seize the domain names of Las Vegas casinos? Obviously these would conjure the image of gambling just as much as a domain name like "texasholdem.com" could be argued to. Further, what would the limits of the association be? If a known internet gambling site has no obviously poker-associated name but is well-enough known a site for playing poker, would that qualify? What about then any site that is reminiscent of this name (thereby supposedly reminding people of a gambling site)? What about the Casino or place names associated with gambling like Luxor or Monte Carlo?
Overall it seems like this error goes far beyond a lack of understanding of how internet technology works, but also labels vs designatees.
Bill Poser said,
October 21, 2008 @ 6:49 pm
@Theodore,
Yes, the nominal defendants are the domain names. This is an example of a lawsuit in rem "against a thing". It is the typical form of action in seizure cases. This results in wonderful case names like "United States v. 11 1/4 Dozen Packages of Articles Labeled in Part Mrs. Moffat’s Shoo-Fly Powders for Drunkenness, 40 F. Supp. 208 (W D.N.Y. 1941)" , "United States v. Approximately 64,695 Pounds of Shark Fins, No. 05-56274 (9th Cir. Mar. 17, 2008)", "United States v. Forty Barrels and Twenty Kegs of Coca-Cola 241 U.S. 265 (1916)", and the inimitable "United States v. One Package of Japanese Pessaries 86 F.2d 737 (2nd Cir. 1936)". (The pessaries in question were what we would now call diaphragms. This is the case in which the Court of Appeals for the Second Circuit over-ruled the government's invocation of the Comstack Act and allowed Margaret Sanger to import Japanese contraceptives.)
Historically, suits in rem arose from situations in which the court had jurisdiction over movable property but not over its owner, or where the owner was unknown. The most common sort of private suit in rem in the United States is under admiralty law, where a vendor is owed a debt by the owners of a ship. The creditor files suit against the ship since the ship, if in U.S. waters, is within the court's jurisdiction, whereas its owners very likely are not.
The use of this form of suit for asset seizure is problematic because it lets the government shift the burden of proof to the defendant in what is de facto a criminal prosecution. The government seizes your wad of cash or boat or whatever and it is then up to you to prove that you acquired it by lawful means. This inversion of the burden of proof occurs because suits in rem start from the assumption that the owner of the property is either unknown or of little relevance. When this assumption is carried over to asset seizure cases, where the true owner of the property is known, it has the effect of forcing the owner to prove ownership. What is in origin a benign legal fiction has become, in asset seizure cases, a means for the government to evade due process, far from benign.
@Brandon,
Well, the question of whether the domain names are within the court's jurisdiction is disputed, and I am confident that this trial court decision will not be the last we will hear of this. Since this case involves broad issues of when something on the internet falls within local jurisdiction as well as the federalism issue of the extent to which the states rather than the federal government have jurisdiction in such matters, I think that it is very likely to end up before the federal appellate courts if not the Supreme Court.
As I understand it, Kentucky does not argue that the servers or the companies that operate them are within the jurisdiction of the Kentucky courts. Rather, the claim is that the domain names themselves, because access to them is available to users of the network in Kentucky, are within the court's jurisdiction.
Forrest said,
October 21, 2008 @ 7:02 pm
It's very hard to argue that domain names are like keys. If you happen to know the address of a web site ( the IP address of the server hosting it ) you can visit the site without the domain name.
I guess, by analogy, you can get into a door without a key, so long as the door is unlocked … but that's a bit of a stretch.
Bill Poser said,
October 21, 2008 @ 7:08 pm
@Forrest,
Yes, I agree. The idea that domain names are like keys makes no sense to me, and I don't know why the court thinks that the analogy is valid. The decision doesn't explain. It looks like the key analogy comes from the state of Kentucky, whose pleadings I have not seen.
Forrest said,
October 21, 2008 @ 8:15 pm
Even if the analogy was valid … there's a danger in being too convinced by your own analogies. If a domain name was "like" a key, that's not the same as actually being one.
John Cowan said,
October 21, 2008 @ 8:21 pm
Theodore: As I said in response to the previous posting, this is an in rem proceeding, directed against things rather than their owners, when the owners are not known, unavailable, or problematic. It's a very legitimate, if unusual, thing to do.
Brandon: Indeed, the first and most usual application of in rem jurisdiction is precisely ships.
Bryan said,
October 21, 2008 @ 9:47 pm
A domain name maps to an IP address. If they have jurisdiction over the domain, do they have jurisdiction over the IP address even if it was assigned by and ISP outside of the US? The IP address maps to a MAC address which is unique to the piece of hardware from the time of manufacturing. So if they have jurisdiction to an IP address, do they have jurisdiction over the MAC address which exists physically outside of their jurisdiction?
Basically, is a map to a slot machine a gambling device?
What about all the travel guides and maps to Casinos and "Gambling devices" of Las Vegas in the local bookstore. Do those, being they provide access to gambling devices, constitute gambling devices?
Ran Ari-Gur said,
October 21, 2008 @ 9:56 pm
Perhaps relevant: In computing, the indices of hash-tables (and other such associative array structures and functions of finite domain) are typically called "keys", and domain-name lookup is conceptually quite similar. I think one could readily construct a chain of analogies from building-keys to DNS, and accomplish nothing except prove Forrest's point.
Faldone said,
October 21, 2008 @ 10:24 pm
Presumably the former owners of the domain names could just get new domain names and keep the sites otherwise intact. There might be some problems keeping customers informed of the domain name changes but I'm sure it could be figured out by sufficiently savvy businessmen.
Jon Peltier said,
October 21, 2008 @ 11:33 pm
Never mind whether the domain names are like keys, or are gambling devices. How can the state of Kentucky think it has any jurisdiction over the domain names?
Bill Poser said,
October 21, 2008 @ 11:56 pm
@Jon Peltier
That's a very good question. I think that the argument is that a company that offers to do business with residents of Kentucky over the internet has established a presence in Kentucky just as if it had opened a bricks-and-mortar storefront in Kentucky. Whether this is a valid argument is questionable, but outside of my legal expertise, such as it is. I'm afraid I have to punt to the legal blogs for this.
dr pepper said,
October 22, 2008 @ 4:44 am
@Bill Poser
OK then, if say, a company named "Gamblemania Inc." opens a brick and mortar store in Kentucky, and state officials believe that the activities on the premises violate state law, what judge would agree to let them sieze the company name?
Dan T. said,
October 22, 2008 @ 8:15 am
If they own a registered trademark to the name, that would presumably be one of the company's assets that could be seized if they were engaged in illegal activity.
Ray Girvan said,
October 22, 2008 @ 8:19 am
It's an interesting example of prosecutors using convoluted interpretations of language to apply law to computing-related situations it wasn't designed to cover. I recall the first UK case against hackers – the 1988 Regina -v- Stephen William Gold, and Robert Jonathan Schifreen – which equated using an unauthorised password with making "a false instrument" under forgery law. Another example is the non-intuitive definition of "make" in UK laws relating to illegal pornography, where Regina v Westgarth Smith; Jayson, [2002] EWCA Crim 683 set the precedent that downloading an image or opening an e-mail attachment is defined as "making" that image under the Protection of Children Act 1978.
Nick Lamb said,
October 22, 2008 @ 10:02 am
On the web these hostnames actually serve two additional purposes beyond being what you look up in DNS to find out the IP address.
1. They are a required parameter for HTTPS, the secure variant of HTTP. In HTTPS the server can prove to the user agent (web browser) that a mutually trusted Authority has certified it as belonging to a particular business or organisation. This enables a sophisticated user to trust that hsbc.com is really the famous international bank and not some scammer. The certificate used contains a "Common Name" or CN field, which specifies the server's host name. if it doesn't match the user agent will typically refuse the connection.
2. From HTTP/1.1 onwards (which is what you're all using) the hostname is an implicitly required parameter to HTTP requests in order to facilitate "virtual hosts" in which any number of distinct web sites are actually served by the same HTTP server, running on the same hardware, with the same IP address. The server software distinguishes which site you are requesting by the host name you mention in the request itself. No host name? No clue what you are requesting, you'll get some default page probably advertising a hosting service.
Thus, from a purely pragmatic point of view, seizing hostnames in the registry is a somewhat effective measure, despite the fact that ultimately it can't prevent determined people from continuing to operate or use these sites. (In particular, if the court orders the registrar to hand over their control of the registry entry it doesn't actually prevent anyone from making HTTP or HTTPS requests which use this name, assuming they somehow know the correct IP address already)
I would assume that if this became common practice the gambling site operators will just switch to a registrar and registry that they feel aren't likely to be intimidated by US courts. Probably in one of the countries that already routinely ignores requests for co-operation from the US. In theory the State Department could make any arbitrary order regarding DNS, since it asserts the right to do so – but in practice an order interfering in another country's national registry is unthinkable.
Chris said,
October 22, 2008 @ 10:07 am
If I recall correctly, mail-order and phone precedent specifies that existing does not qualify as "offering to do business" in a particular location (other than where you physically are), even if you can be reached by some method of communication from that particular location. Advertising specifically directed at a particular region does qualify, though. Presumably, courts would extend this to the Internet (or already have), so Kentucky must have some jurisdictional facts or think it does.
It seems that the court is convinced that the domain names were "designed" to reach Kentucky solely on the basis that they were not designed not to reach Kentucky, even though it is theoretically possible to do so. The fact that this standard would impose on every Internet operator in the world the duty to inform himself of *every local law on Earth* for the purpose of blocking use that would not conform to law governing the *user* didn't appear to cross the court's mind. (or, since this is a linguistics site, appeared to not cross the court's mind).
That still doesn't explain considering a domain name a "device", though, which is against the plain meaning of the word. Furthermore, one of the strongest principles of statutory interpretation is that criminal statutes must be construed narrowly, in order to avoid prosecuting someone for misunderstanding the law. (Although based on Bill Poser's post of 6:49 pm, maybe the in rem proceeding allows the government to evade that too. Disturbing, if true.)
Nick Lamb said,
October 22, 2008 @ 10:38 am
Ray Girvan, iirc the crown lost R v Gold in the Lords, because the Law Lords (who tend to be quite sensible about these things) rejected the hypothesis that a password (an idea after all which long predates computers) is actually an instrument.
Ray Girvan said,
October 22, 2008 @ 1:40 pm
the crown lost R v Gold in the Lords
Yep (and it was superseded by the Computer Misuse Act 1990); I just quoted it as a similar example.
Andy Hollandbeck said,
October 22, 2008 @ 2:12 pm
Regardless of the nonsense of the decision, is this even enforceable? Can the Kentucky government seize the domain name of a company in Las Vegas without the government of Nevada allowing it to?
This looks like a slippery slope that could lead to the Web restrictions we hear about in China and the Middle East. It'll sure be great for Kentucky to be known as "the Middle East of the Midwest."
This sounds to me like a case that someone is deliberately trying to get to the US Supreme court so it can make an official ruling about who controls the Internet.
Stephen Jones said,
October 22, 2008 @ 6:23 pm
The only way the government can get hold of a domain name is if the disputes committee assigns it. Local court orders are not a reason for losing a domain name.