GoDaddy caves to invalid subpeona

[Auraka]

http://www.eff.org/deeplinks/archives/005168.php

A few weeks back, we wrote about how domain name registrar GoDaddy took offline Seclists.org based merely on an informal request and without providing any meaningful notice to the site's operator. Unfortunately, this isn't the only instance in which GoDaddy has carelessly ignored its users' rights.

In February, EFF was contacted by an anonymous owner of a parody and criticism website forum that allegedly exposes the financial corruption and domestic scandal of a local politician in Birmingham, Alabama. As part of a civil case in family court, an attorney representing the politician's girlfriend issued a subpoena to GoDaddy seeking the identity of the website owner, who was not a party to the lawsuit.

With the website owner's right to anonymous speech on the line, what did GoDaddy do? It caved without any apparent hesitation, providing its customer with a mere three days to find a lawyer and decide whether to file a challenge. GoDaddy also refused to provide a copy of the subpoena, which included essential information to determine whether and how to respond.

GoDaddy promises in its privacy policy to turn over customers' information only if required by law, but its lawyers didn't give this subpoena even a shred of scrutiny. Had they done so, they could have seen it was clearly invalid -- GoDaddy is located in Arizona and Alabama state law doesn't permit a subpoena to be issued on someone out of state. That was the ultimate conclusion of the state judge who eventually quashed the subpoena, no thanks to GoDaddy.

Even putting aside this aspect of GoDaddy's casual disregard for its customer's interests, the company's behavior is shameful. The First Amendment limits the ability of litigants to pierce a speaker's anonymity, particularly when that person isn't even being sued. GoDaddy owes its customers meaningful notice, time, and information so that they can fight back and protect their rights.

With the help of lawyer Lewis Page, the anonymous website operator did manage to move to quash before it was too late. But GoDaddy's sloppy practices still put an unfair burden on this user and continue to threaten all of its customers' rights.

For what online service providers ought to do to protect their users, check out our best practice guide.

Posted by Derek Slater at 03:38 PM | Permalink | Technorati

 

[kraine2006]

Best loo

 

[IAmAllanShore]

Embarrassing, :imho: .

I completely understand that the exact course of events that transpired were what the EULA/T&C's stated would happen, but the "privacy protect" service is still advertised too aggressively considering its limitations, and burden placed on the owner to quash.

Just my .02, although I don't find fault in the actions GD took, I do instead in the policy that allowed those actions to be taken.

-Allan

 

[Jeffrey]

I dont like Godaddy. Even though i have about 15 domains there, i still feel unsecure.

 

[Dave_Z]

Simple lesson here is be aware of what your service provider can and can't do.

Unfortuantely things aren't getting any easier.

 

[thebutler]

Don't assume...

I really don't assme that any whois protection is going to stop the lawyers. Companies will quickly avoid anything that will cost them moeny when the lawyers appear from the swamps.

 

[AdoptableDomains]

I had an unfounded UDRP filed against me a couple years ago. The first I found out about it was when Godaddy charged me $29.99 to place a hold on my account. The case was a clear case of reverse hijacking as it was a three letter .us acronym domain wanted by a holder of the .edu TLD. I filed a reverse hijacking UDRP answer and their attorney called me and offered to purchase the domain and revoke their UDRP claim. They successfully got the com/net/org extensions by default as those owners didn't bother with a reply. Even though no UDRP was decided and they dropped the case, godaddy still charged the fee and thought it was justified for changing the domain status from ok to transfer/delete prohibited. Their TOS also indicated in fine print they could charge a processing fee, but no amount was in writing, so it was totally unexpected. I do keep a small portion (10%) of my portfolio there, but I would never use them for a working and developed domain.

 

[Damion]

Just my .02, although I don't find fault in the actions GD took, I do instead in the policy that allowed those actions to be taken.

-Allan

Interesting statement since Godaddy is in the end ultimately responsible for the policy enforced.
Or is DomainsbyProxy.com not a sub company from Godaddy.com?

 

[Jeffrey]

Mark,

Where do you keep your developed domain names?

 

[IAmAllanShore]

Interesting statement since Godaddy is in the end ultimately responsible for the policy enforced.
Or is DomainsbyProxy.com not a sub company from Godaddy.com?

More speaking that I can't fault them for doing exactly what the policy that we agreed to when registering there said they would do, although I do not like the policy...
IOW, they weren't willy-nilly about doing whatever the flip they wanted, but their policy sucks.
Sorry if I wasn't clear before.
-Allan

 

[Damion]

If a policy created by a company/entity is the cause of a problem? the cause of a situation that is immoral - a situation subject to freedom of speech in this case.
Then i don't see how you can differentiate and see these as two separate things and only hold one (The policy) accountable?

And was it not Godaddy's lawyers who actually did not pay attention making Godaddy ultimately responsible for their actions?

GoDaddy is located in Arizona and Alabama state law doesn't permit a subpoena to be issued on someone out of state. That was the ultimate conclusion of the state judge who eventually quashed the subpoena, no thanks to GoDaddy.

Not only is their policy sucks which IMO makes a company sucks - no difference there - but also are they doing the wrong thing by jumping up and down for anyones interest but not their customers.

Anyways, that's my view on this matter

 

[IAmAllanShore]

I think we might be saying the same thing, but just to clarify:

1) Their policy is not one that I can support,
2) But we did agree to it when we registered names there,
3) So I can't fault them for NOT following a policy.

I'm not trying to differentiate along the lines of the classic "Man vs. Man's actions" debate, but rather that we should be pushing for a change in the policy, not a change in their actions of adhering to their published policy.

"Gee golly Mr. Wilson, I've really muddied things up, haven't I!"

-Allan :gl:

 

[Damion]

Yup, a change in the policy is something that needs to done if GD wishes to be a better responsible registrar but will they then adhere to the policy?
A policy is only as good as it creator and the willingness of it's creator to enforce their own policy or a policy that they need to adhere to such as ICANN.

And absence of their willingness has already been shown.
I don't think we will see the end of GD issues in the future Allan

 

[Jasdon]

I think we might be saying the same thing, but just to clarify:

1) Their policy is not one that I can support,
2) But we did agree to it when we registered names there,
3) So I can't fault them for NOT following a policy.

But doesn't their policy state that they will only turn over (privacy) customers details if required to do so by law - and in this case, they weren't

 

[IAmAllanShore]

But doesn't their policy state that they will only turn over (privacy) customers details if required to do so by law - and in this case, they weren't

Technically your point at the beginning is correct, although I think you are reading too much into the "required to do so by law".

If you doubt, read for yourself:
http://www.domainsbyproxy.com/popup/subpoenapolicies.aspx

They followed their own policy, imho. Doesn't mean I like it, just means that it does seem to fit the expectation one would have if they were working from the agreement as written.

-Allan

Also here: http://www.domainsbyproxy.com/LegalAgreement.aspx?prog_id=

 

[Jasdon]

From their TOS

Upon the receipt of a valid civil subpoena,

but the subpoena wasn't valid.

Allan, it's no wonder you never see a poor lawyer! LOL

 

[johnny6]

For all the blowhardiness of Mr. Bobby Parsons, Godaddy sure rolls over at the slightest sign of trouble.......

 

[labrocca]

GD policy is as bad as RF's customer service. GD imho is not a good registrar simply because of their policies. It's almost worst than RF because it's intentional. They have designed he policy in a way to screw domainers at any chance they get.

Maybe when Parsons created GD he felt he needed as much legal protection as possible. However at this point he needs to reconsider them or they won't be taken seriously by heavy domainers with large portfolios. I keep less than 5 out of 600 domains at GD. I never renew there. I am always scared to have any name there that might get a C&D letter.

 

[IAmAllanShore]

GD policy is as bad as RF's customer service. GD imho is not a good registrar simply because of their policies.

I'm not disagreeing with the statement, but I did want to point out that the stated policy reads almost verbatim to Verizon's and dozens (if not more) of others. It's almost boilerplate at this point.

http://www.verizon.net/policies/vzcom/civil_subpoena_popup.asp
http://www.fatwallet.com/civil.php
http://www.emailias.com/corporate/privacy_policy.php
http://order.1and1.com/xml/order/SubpoenaPolicy?__frame=_top&__lf=Static

-Allan :gl:

 

[labrocca]

I'm not disagreeing with the statement, but I did want to point out that the stated policy reads almost verbatim to Verizon's and dozens (if not more) of others. It's almost boilerplate at this point.

http://www.verizon.net/policies/vzcom/civil_subpoena_popup.asp
http://www.fatwallet.com/civil.php
http://www.emailias.com/corporate/privacy_policy.php
http://order.1and1.com/xml/order/SubpoenaPolicy?__frame=_top&__lf=Static

-Allan :gl:

That's the problem with it...it's not tailored for domainers.