Secret Service Shuts Down, Then Reinstates JotForm

 
 
By Fahmida Y. Rashid  |  Posted 2012-02-17
 
 
 

Two days after the U.S. Secret Service shut down online forms site JotForm for unspecified reasons, the company is back online. However, JotForm still doesn't know why law enforcement decided to shut down its site in the first place.

The Secret Service shut down JotForm Feb. 15 by ordering domain name registrar GoDaddy to remove JotForm's Domain Name Server entries from its servers, according to a blog post by Aytekin Tank, co-founder of Interlogy Internet Technologies, the creator of the JotForm service. The site JotForm.com may have been online, but the move effectively made it disappear from the Internet, as customers were no longer able to reach the site.

A DNS translates the IP address of the Web server into domain names, so removing the entries meant no one knew how to find JotForm anymore. The only way people were able to get to JotForms was if they knew the IP address.

"We are fully cooperating with them, but it is not possible to say when the domain would be unblocked," Tank wrote.

JotForm executives said they received no advance warning that the Secret Service started an investigation or that GoDaddy planned to modify the DNS settings, Tank, co-founder of JotForm, wrote on the company blog. When he tried to find out, no one answered his questions.

GoDaddy didn't know anything about the investigation and just complied with the DNS request, a representative told Tank. The Secret Service agent in charge promised to call Tank, but never did, according to the blog post.

€œThe agent told me she is busy and she asked for my phone number, and told me they will get back to me within this week," Tank wrote on The Hacker News.

GoDaddy was instructed Feb. 16 to reinstate JotForm in its DNS listings. GoDaddy didn't get any more information, and Tank claims to still have no idea what happened beyond the fact that there was an ongoing legal investigation. A spokesman told eWEEK that the company could not comment on the incident due to privacy concerns.

"We will probably never find out the reason for the suspension," Tank wrote in an update. "It has been a very difficult two days for both our users and for us. So, I hope this is the end."

A Secret Service spokesperson told eWEEK: "We are aware of this matter," and that the agency was internally investigating the incident to "make sure all our policies and procedures were followed." He could not comment on any other questions.

Since DNS propagation usually takes a few hours, often days, JotForm had some time to contact users through email and Twitter before their forms became inaccessible. The company's alternative domain, jotform.net, had not been suspended, which allowed users to switch to the new domain in time.

JotForm is an online service that lets people easily create forms on the Web and use it to collect information. Similar services such as WuFoo and Google Docs allow users to create forms.

While it€™s unclear what prompted the investigation, Tank suspects a user may have been trying to use the platform to create a phishing scheme. The company relies on Bayesian phishing filters to identify malicious forms and suspended 65,000 accounts last year, according to Tank. With more than 2 million user-generated forms, it is not possible for the company to manually review each one.

"I was ready to shut down any form they request and provide any information we have about the user," Tank claimed, but the agent in charge told him she needed time to review the case.

Under the Digital Millennium Copyright Act, service providers are not liable for content their users post. Companies like YouTube and Facebook are protected under DMCA, but it's not clear why JotForm was not.

It's also not clear why the entire domain had to be shut down, instead of just asking JotForm to take action on the offending content.

"SOPA [Stop Online Piracy Act] may not have passed, but what happened shows that it is already being practiced," Tank wrote.

The controversial anti-online-piracy bill Stop Online Piracy Act€”the subject of widespread Internet protests last month before being shelved€”had provisions that would have made domain name seizures much easier. The frightening thing about the JotForm incident is the ease in which a government agency could shut down a site without SOPA.

Law-enforcement authorities have turned to seizing domain names as part of their fight against criminal activity. The U.S. Immigration and Customs Enforcement (ICE) agency has started Operation in Our Sites, which seizes domain names of Websites suspected of violating copyrights. ICE agents seized 307 domains for unauthorized live sports streaming and selling fake professional sports merchandise just days before the Super Bowl this month.

The FBI shut down file-sharing service Megaupload for hosting illegal and pirated content in January.

"I believe this can happen to anybody who allows users to create content on the Web," Tank wrote.

Many users chided Tank for using GoDaddy as his registrar. GoDaddy originally was steadfast in its support of SOPA before a boycott forced the company to back down, and its general counsel Christine Jones told Congress last year that GoDaddy would shut down domain names and Websites as soon as told to do so, whether it's by court order or a request from federal or state prosecutors.

GoDaddy has been involved in several takedowns against 600 different Websites for selling counterfeit Chanel products.

Following this incident, JotForm has moved its domains to NameCheap and Hover, said Tank.

Rocket Fuel