Australian government told to take on VeriSign for ownership of child porn riddled domain

The Cocos Keeling Islands were not given the option of controlling their own internet domain. Rik Soderlund

The .cc domain ranks alongside popular top level domains including .com, .net, and .xyz as well as a handful of country or territory specific domains such as .to (Tonga’s domain), .me (Montenego’s domain) and .nz as the worst domains in the world for child sexual abuse material, according to the Internet Watch Foundation’s 2019 report.

In contrast, .au does not feature in the top 10, nor do domains connected to other Australian territories such as .cx for Christmas Island, .hm for the Heard and McDonald Islands, .nf for Norfolk Island.

As well as child pornography, Dr Mortensen said the .cc domain had a long history of being associated with spam, phishing and other unsavoury online activities.

In the early 90s top level domains such as .au and .uk were created for each country and dependent territory.

The issues with the .cc domain began, according to Dr Mortensen, when former president of Seattle-based pornography company Internet Entertainment Group, Brian Cartmell, was given control of the domain in 1997 by the group now known as the Internet Assigned Numbers Authority (IANA) because of his background in the technology industry.

The IANA did not believe anyone on the Cocos (Keeling) Islands had the technical ability to run the domain.

Mr Cartmell created the company eNIC to sell .cc domain names and despite .cc being attached to the Cocos Islands territory, the islands received no benefits from any domain name sales, however Mr Cartmell did distribute some technology and grants to the islands.

It quickly became an attractive domain for spammers and fraudsters pretending to operate legitimate businesses, Dr Mortensen said.

Mr Cartmell, who is now an angel investor based in New Zealand who has backed the likes of Coinbase, hoped at the time to make an internet land grab and turn .cc into a popular domain, but he sold eNIC to US tech company VeriSign in December 2001 for an undisclosed sum.

A court case led by VeriSign investors against the company in 2004 suggested eNIC had a total of $US5 million in deferred revenue (when cash has been collected, but revenue is not yet booked) when the deal closed.

“Because it was given to a private enterprise, it was open slather,” Dr Mortensen said.

“The lack of government oversight has likely contributed to a focus on making the domain profitable, rather than accountable.”

Since its early days, Dr Mortensen said abhorrent content had seemingly flourished unabated on the .cc domain. However, he said VeriSign was not responsible for the content on these websites, but it does have the power to remove them.

VeriSign said in a statement that it did not own the .cc domain, but acted as a registry and that it had the endorsement of the Cocos Islands and the Australian government to do so.

“Our endorsement from the Shire includes contractual commitments to work with Australian law enforcement and security agencies, including the Australian Government’s Computer Emergency Response Team (CERT), to prevent and address cybercrime and malicious activity in the .cc [domain],” the company said.

“Whenever we receive credible reports from trusted third parties of domain names for which we provide registry services being used for illegal purposes, we share these reports with the appropriate legal authorities.

“And, when requested to do so by the appropriate authorities, we can – and do – then take action against a domain name to remove it from the zone file.”

Dr Mortensen and his colleague, Samuel Bashfield, are pushing the Australian government to take charge of the domain.

Dr Mortensen said he was confident the Australian government would be granted authority of the .cc domain, under the management of auDA, if it made an application to the IANA.

“Let’s assume VeriSign isn’t willing to hand it over, or if they do they demand a valuation – I don’t believe it would be obscene,” he said.

“But I doubt that would have to happen. The IANA has come a long way. I believe the Australian government would just have to make a case that they’re the rightful agent and there’s avenues to take control of it.”

The Department of Infrastructure, Transport, Regional Development and Communications said in a statement that it had not endorsed any party to run the .cc domain, and that it was a matter for the Cocos (Keeling) Island Shire Council.

“If there are concerns about any breaches of Australia laws in the management of the .cc country code Top Level Domain, these should be directed to the Australian Federal Police,” the statement said.

“If material is found to be ‘prohibited content’, the eSafety Commissioner can require removal of this content if it is hosted in Australia.”

Menu