Columns

Yes Men Takedown Trades One Hoax For Another

Last month, the Canadian delegation at the Climate Change Conference in Copenhagen found itself targeted by the Yes Men in a widely publicized hoax.  The well-known activists satirized the Canadian government’s position on the environment by launching a pair of phoney websites that looked official but promoted different policies. The hoax attracted considerable media attention, prompting Prime Minister's Office spokesman Dimitri Soudas to label it a childish prank.  Soon after, Canadian officials quietly set out to shut down the two websites.  

My weekly technology law column (Toronto Star version, homepage version) notes that what followed creates a cause for concern, because Environment Canada appears to have misrepresented the harms posed by the sites in an effort to force them offline without a court order.

Internet providers frequently are asked to remove content, yet most reputable firms only do so with court oversight or a clear statutory mandate.  One exception to this general rule involves cases of phishing, which is the criminally fraudulent process of attempting to acquire personal information such as usernames, passwords and credit card details by masquerading as a trustworthy entity. This occurs when fraudsters create websites that looks much like a popular bank or online auction site in the hope of prying personal data from visitors tricked into thinking they are dealing with a legitimate site.  

Phishing operators move quickly, seeking to grab as much data as they can before authorities move to shut them down.  The practice raises serious identity theft concerns, leading host ISPs to shut down alleged sites without waiting for a court order.  While this helps limit potential harm, the Canadian government has become the poster child for how the system can be abused.

Within days of the Yes Men incident, both Environment Canada and the Canadian Cyber Incident Response Centre, which is part of Public Safety Canada, wrote to the hosting ISP to ask that it shut down the fake websites. While officials understandably pointed to trademark and copyright concerns (the sites were designed to look confusingly similar to actual government websites), those claims alone would not have been enough for most Internet providers to act.

Instead, officials used both the persuasive power of an official government request combined with inaccurate claims that the sites were engaged in phishing to escalate the issue.  One email to the hosting company noted the request was sent on behalf of the Minister of the Environment to demand prompt deletion and removal of the hosted sites.  The same email claimed the sites were involved in phishing, leading the German-based Internet provider to promptly shut them down.  

In fact, in the rush to shut down the Yes Men sites, the Internet provider simultaneously shut down an additional 4,500 websites hosted at the same IP address.  Those sites have since been restored.

In the aftermath of the case, the web administrator who shut down the sites expressed regret, arguing he acted under duress.  Yet the real concern arises from the inflammatory government claims.  

While the sites were obviously an embarrassment, there were several avenues to address the issue.  Officials could have filed a complaint with the Canadian Internet Registration Authority, which manages the dot-ca domain (both sites used dot-ca addresses).  Alternatively, they could have turned to the courts for an order to either shut down the sites or suspend the domain name registrations.  Instead, the phishing claim effectively substituted one hoax for another and in the process undermined the trust in a global system designed to guard against identity theft.

16 Comments

  1. Laws do not apply to corrupt elites.
    As I age I see so many of the worlds problems caused by a corrupt elite who think they are better than everyone else. They have consolidating power since the Regan era. Step one was to destroy education.

    We need to raise the tax rate on the richest 5% and increase capital gains taxes. Put tax rates for the rich back to where they were 30 years ago. That money could be used to properly fund education again and then we could start taking back our country with a populace capable of critical thinking.

  2. This is news…
    This has got to be the most vehement defense of fraud I’ve ever seen. I’ve been following this since December, and claims that phishing shutdown requests were made appear to have originated in comment threads, been picked up by blogs, then finally appeared on news sites.

  3. If you agreed with the government position, I doubt you’d be complaining about the takedown.

  4. pat donovan says:

    grunt
    sounds like the PM’s office to me… have they spread their boys THAT far around town?

    packrat

  5. Matthew Rimmer says:

    Worth thinking about whether the original Yes Men sites should have been shut down. There are larger issues here about the legitimacy of culture-jamming – including parody, satire, fair use, and freedom of speech (under the Canadian charter and elsewhere).

  6. Supreme Pizza says:

    Fully loaded
    It really makes one wonder, governments and companies clamoring for new laws! New laws to control the internet, new laws for climate control, no laws exist against that, never mind we’ll create some and if that doesn’t work (it didn’t) we’ll create some more even if the science doesn’t add up! Everyone knows more laws make the world safer! You can’t even sing Happy birthday in public without paying through the nose, I mean Happy F___ing Birthday! BAHHH! Courts are so far behind on the technological bell curve they can’t hear the ringing in their ears anymore or an even better analogy would be that the Courts are so blinded by the corporate popups they can no longer see the browser window.
    If that weren’t bad enough music companies are suing the piss out of people at 20,000 clams per tune meanwhile ripping off the artists who created it who in turn sue them. Courts seem to have equated the value of a human life lost in a plane crash to that of a having an illegal copy of a song, ‘My life for a song’ has a whole new meaning now doesn’t it? Government should respect its’ laws at least, not cramming back boxes of doughnuts while on the loo. It’s all about showing some RESPECT and not being GREEDY. You can’t legislate respect nor moderation. People have to be raised with these values, values that have been systematically taken apart by the courts since the fifties in the guise of creating newfound freedoms. The whole system is now broken and nobody really truly seems to give a rats ass, they just want their money and power.
    nuff said.

  7. Anonymous Coward says:

    WHOIS
    If the government is concerned about the problems posed by fake web sites, it should tell CIRA to reverse it’s decision to hide WHOIS information for .CA domain names from the public.

  8. “This has got to be the most vehement defense of fraud I’ve ever seen.”

    No, I’m pretty sure this is an attack on fraudulent behavior.

    Whether or not you think the webpage needed taking down, governments have a duty to uphold the law and set an example for its citizenry. Taking petty vengeance and pulling a prank on a bunch of jokesters is in no way professional. If current laws are not set up to adequately deal with these situations, then the government needs to step back, take a deep breath and start making some changes. Circumventing due process, and lying to get their way because doing it right would be too slow is improper behavior.

  9. North of 49 says:

    Why the need for speed?
    One question that needs to be asked here is why the government decided in the first place that “doing it right” was too slow. Why the need for such haste that they had to lie to get the sites taken down?

    A normal government (you know, one composed of adults), could simply have issued a statement that they had been punked by the Yes Men, identified the bogus sites, stated that the process to take the sites down had begun, and meanwhile everybody should understand that the content of these sites was not the position of the government of Canada. How hard could that be?

    But what did they do? They panicked. They can’t take criticism, they lash out at it in blind fury and try to smother it any way they can, legal or not, moral or not, honourable or not.

    Of course, if Harper’s government had been an honest actor on the environment for the past four years the Yes Men wouldn’t have felt the need to pull this stunt, would they?

  10. Wizard Prang says:

    Saving Edumakation
    They’re not interested in _destroying_ education – they are interested in _controlling_ it, so that the end product is a docile populace of good little consumers who do not know how to think for themselves and never ask the hard questions of those who are supposed to be representing them.

    Money is not the problem; here in the US I paid over $1000 last year for education – and I don’t have any kids. State education is more expensive than “private” education per kid.

    You won’t save education by raising taxes – you will save education my removing Government intervention at the Federal and State level.

    Raising taxes just encourages the Government to find new and creative ways to make the money disappear. In the US, the lottery was justified by using the proceeds to help fund education. The consequences were predictable; for every dollar the lottery raised, the Government held on to a dollar…

    “Taxing the rich” will never work. Who are “the rich”? What is your definition of rich? You cannot strengthen the weak by weakening the strong. Tax them hard enough and they will just… leave. It happened in Britain in the 1970s.

    “Put tax rates for the rich back to where they were 30 years ago”

    If I remember my history, thirty years ago was last year of the Carter Administration, and the economy was in the toilet. Then Reagan took over, _lowered_ taxes…, balanced the budget (partially by raiding the antiSocial inSecurity piggybank) and the economy skyrocketed. I don’t want to go back there… do you?

  11. Wizard Prang says:

    Sorry, I forgot…
    … to mention the last one was directed @Nemo

  12. Anonymous Coward says:

    From the horse’s mouth
    Michael’s piece is mostly correct, but has a few inaccuracies. For a time line from the horse’s mouth go to: http://ole.tange.dk/canadian-takedown/timeline and http://www.enviro-canada.ca.

  13. Stop Internet Scams says:

    It can be reasonably demonstrated that in fact the Yes Men had misrepresented themselves and do phish with domain names they highjack. Consider the movie, Yes Men The Movie, in which they use a domain name to receive emails from users who think they are emailing the World Trade Organization. This group intercepted emails from unsuspecting victims who believed they were contacting the World Trade Organization for official invitations to participate in a conference. The conference organizers were misled by the Yes Men and there domain phishing antics, because they believed they really were confirming the participation of an official from the WTO, the Yes Men did not correct this misimpression created by their domain name. The same applies with the stunt involving the Government of Canada. It is one thing to have advocacy sites, or parodies, but another to outright mislead online users with hijacked domain names. It suggests bad faith and internet users should be protected from these types of scams. The next time you send an email to a government agency, don’t you want to make sure it is really a government agency? Hoax or not.

  14. The YES MEN admit to as much as phishing right on their website promoting their movie, YES MEN THE MOVIE:

    “Some visitors don’t notice the site is a fake, and send speaking invitations meant for the real WTO. Mike and Andy play along with the ruse and soon find themselves attending important functions as WTO representatives.” ( source: http://theyesmen.org/movies/theyesmen ).

    That sounds like phishing, don’t you think law professor Geist?

  15. “Some visitors don’t notice the site is a fake, and send speaking invitations meant for the real WTO. Mike and Andy play along with the ruse and soon find themselves attending important functions as WTO representatives.” ( source: http://theyesmen.org/movies/theyesmen ).

    All right then, I guess the government was acting legit.

  16. This is not Phishing
    “Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords. …

    Pretending to be someone who you aren’t is called impersonating, get your terms correct. Impersonating a site is not meant to be taken down by claiming it is a phishing site. If they claimed they were your bank, and wanted your passwords, then yes, it would be fishing, this most certainly was not.

    All of this comes down to the government acting outside of due process, violating the law to silence someone is not something we want our government to be doing. There are established processes to handle something like this and they were bypassed. This is inappropriate, plain and simple. Unfortunately, where the government is concerned, there is no accountability. This just sounds like another Manager saying, Get it done, and the employees running around to get brownie points.