I’ve been reading about the Wikileaks issue on some legal blawgs, and corresponding with Scott Greenfield about it, and I think there’s a bit of confusion over a technical issue. I don’t think anyone within Judge White’s jurisdiction is disobeying his order. I’m going to have to delve into some history here, but I think I can explain it without getting too technical. The key is that the network service of hosting web content is different from the network service of associating that content with a domain name.
The networking protocol for the Internet is called IP, which stands for internet protocol. Every computer on the Internet is assigned an IP address within the network where it can be reached. When a human is going to see or type an IP address, it’s usually broken into four numbers ranging from 0 to 255, which are written down separated by dots. E.g. “220.127.116.11”.
That’s an ugly thing to be typing, so since the earliest days of the the old ARPAnet, there has been a mechanism to allow us humans to use names for computers instead of numbers. Initially, every computer simply had a list of the names and addresses of every other computer. Each computer’s administrators would occasionally download a new list from a central location.
By the mid-1980’s, that system was no longer workable because the number of computers had grown into the thousands and it was hard to keep track of the changes across all the organizations on the network. To solve this problem, the architects of the internet invented the Domain Name System (DNS), in which the lists of names and addresses are stored on computers called name servers that the other computers query when they need to lookup a name.
For any given domain name—yahoo.com, windypundit.com, wikileaks.org—there’s a nameserver somewhere that’s responsible for providing the associated IP addresses. It’s called the authoritative name server, and whoever controls this server controls the meaning of all the domain names for which it has authority.
How does the network of name servers find the authoritative name server? They send a query about the domain name to a group of top-level name servers, called registries, which respond by refering the query to the name server that has authority for that domain. When you buy a domain name from a registrar, you’re buying the right to tell one of the top-level registries which nameserver has the authority for that domain.
(I have simplified the domain resolution process quite a bit. There are a lot more options, and there is a lot of localized caching to improve performance.)
When it comes to accessing a web site, there are five roles we need to be concerned about:
- The web server that actually serves the pages.
- The authoritative nameserver, which points to the web server.
- The registry, which points to the authoritative name server.
- The registrar, which is the business entity that sold the domain name.
- The registrant, which is the actual person or other entity that owns the domain name.
When you buy a domain name, you’re the registrant, and the registries are operated by the top internet authorities, but the other three roles are up for grabs. Many companies will sell you a package deal for registering a domain, operating the name server, and hosting your content, but it doesn’t have to be that way.
For example, the windypundit.com web server is operated by a company called DowntownHost, and the registrar is Tierranet. Currently, the name server is also operated by Tierranet, but I could switch it to DowntownHost or a third party if I wanted to.
Wikileaks used a similar arrangement. Their server is at IP address 18.104.22.168 and is run by a web hosting company called PRQ in Sweden. Their registrar is a company called Dynadot, located in California.
According to the court documents John Katz has posted, Judge White ordered the registrar, Dynadot, to remove all information about the wikileaks.org domain from the registry. As far as I can tell, they’ve done so. That’s why we get an error if we try to browse to wikileaks.org. (That’s also why I can’t tell you anything about the nameserver or the registrant—Dynadot has deleted that information.)
None of that, however, affects the actual web server that hosts Wikileaks. If you happen to know that its address is 22.214.171.124, you just have to type this into your browser:
The Internet will just route traffic between your computer and the Wikileaks server, without ever having to do a query on the wikileaks.org domain. It’s just between your browser and the Swedish server.
Maybe all these technical details are too low-level for the courts to take notice, but as far as I can tell, no one is disobeying the judge’s order. He ordered the name deleted, and it’s gone.