A Yes Men Double Fake?

Last month, the Canadian delegation at the Climate Change Conference in Copenhagen found itself targeted by the Yes Men in a widely publicized hoax. The well-known activists satirized the Canadian government's position on the environment by launching a pair of phony websites that looked official but promoted different policies.

The hoax attracted considerable media attention, prompting Prime Minister's Office spokesman Dimitri Soudas to label it a childish prank. Soon after, Canadian officials quietly set out to shut down the two websites.

What followed creates a cause for concern, because Environment Canada appears to have misrepresented the harms posed by the sites in an effort to force them offline without a court order.

Collateral damage

Internet providers frequently are asked to remove content, yet most reputable firms only do so with court oversight or a clear statutory mandate. One exception to this general rule involves cases of phishing, which is the criminally fraudulent process of attempting to acquire personal information such as usernames, passwords and credit card details by masquerading as a trustworthy entity. This occurs when fraudsters create websites that looks much like a popular bank or online auction site in the hope of prying personal data from visitors tricked into thinking they are dealing with a legitimate site.

Phishing operators move quickly, seeking to grab as much data as they can before authorities move to shut them down. The practice raises serious identity theft concerns, leading host ISPs to shut down alleged sites without waiting for a court order. While this helps limit potential harm, the Canadian government has become the poster child for how the system can be abused.

Within days of the Yes Men incident, both Environment Canada and the Canadian Cyber Incident Response Centre, which is part of Public Safety Canada, wrote to the hosting ISP to ask that it shut down the fake websites. While officials understandably pointed to trademark and copyright concerns (the sites were designed to look confusingly similar to actual government websites), those claims alone would not have been enough for most Internet providers to act.

Instead, officials used both the persuasive power of an official government request combined with inaccurate claims that the sites were engaged in phishing to escalate the issue. One email to the hosting company noted the request was sent on behalf of the minister of the environment to demand prompt deletion and removal of the hosted sites. The same email claimed the sites were involved in phishing, leading the German-based Internet provider to promptly shut them down.

In fact, in the rush to shut down the Yes Men sites, the Internet provider simultaneously shut down an additional 4,500 websites hosted at the same IP address. Those sites have since been restored.

Fooled twice?

In the aftermath of the case, the web administrator who shut down the sites expressed regret, arguing he acted under duress. Yet the real concern arises from the inflammatory government claims.

While the sites were obviously an embarrassment, there were several avenues to address the issue. Officials could have filed a complaint with the Canadian Internet Registration Authority, which manages the dot-ca domain (both sites used dot-ca addresses). Alternatively, they could have turned to the courts for an order to either shut down the sites or suspend the domain name registrations. Instead, the phishing claim effectively substituted one hoax for another and in the process undermined the trust in a global system designed to guard against identity theft.