The US took domains used for piracy because they were American.

Teddy Sagi
Reading time: 7 minutes

The Department of Justice and Homeland Security Investigations (HSI) just said they had taken control of six domains that contained music without copyright. Since Verisign and GoDaddy are American companies, it was easy to take them over. But few questions still remain regarding these seizures.

Last week, Brazilian police said that Operation 404 would kickstart again.

The anti-piracy initiative started in 2019. The law enforcement agencies in the U.S. and U.K helped a lot. Brazilian authorities say they have blocked and seized the domains of hundreds of websites and apps to stop them from working.

Department of Justice Announces Seizures

After Brazil’s government said something about it last week, the U.S. Department of Justice followed them by giving more details on Monday. It was true that the capturing of domains is part of the Department of Justice and Homeland Security Investigations (HSI) ongoing work to stop copyright violations.

On the seizure banner showing now on those domains, you can see the official seals of the IPR Center, Department of Justice, and Homeland Security Investigations. There is also the seal of Brazil’s Ministry of Justice and Public Security. This displays that the main aim of the seizures was to help the Brazilian government.

The six domains are Corourbanos.com, Corourbano.com, Pautamp3.com, SIMP3.com, Flowactivo.co, and Mp3Teca.ws. They are all linked to illegally downloading music, so there is no doubt about that. When you analyze how and why they seized the domain, things get more confusing. But there are also other things to ask.

Affidavit in Support of Seizure Warrant

On June 14, 2022, Immigration and Customs Enforcement (ICE) and Homeland Security Investigations (HSI) filed an HSI Special Agent affidavit in the U.S. District Court for the Eastern District of Virginia. It explains why this action was a good idea.

The affidavit says that in April 2022, HSI got information from the Brazil-based anti-piracy company Ltahub. This company represents Warner Music Group, Universal Music Group, Sony Music Group, and Interscope Records in Latin America and the Caribbean.

Also, in April, HSI got more information from IFPI. This organization is the same as its member labels. It confirmed that the domains were being used to distribute music protected by intellectual property rights without permission. The Special Agent said that it was true that people in the Eastern District of Virginia could download music that broke the law.

The Sites That Break the Law

Based on the information in the affidavit, there is no doubt that the domains break a lot of people’s rights to their work.

There is a link between Corourbanos.com and Corourbano.com. Corourbanos.com gets about 1.1 million visitors a month, while Corourbano only gets 72K. About 680,000 people visit Pautamp3.com every month. On the other hand, 1.8 million people visit SIMP3.com. Flowactivo.co was visited by 1.6 million (more on that later), and 1.4 million people visit Mp3Teca.ws.

The recording industry thinks pre-release piracy is one of the most damaging violation types. Moreover, it’s important to note that the accusation against Corourbanos.com and SIMP3.com was pretty straightforward for making music available before it was available in stores. According to the affidavit, all of the pirate music sites’ domains easily meet the copyright infringement criteria.

Domain Seizures

After showing that the domains are illegal according to U.S. law, the HSI Special Agent says that a criminal seizure warrant is necessary because the domains would be taken away if the owners were found guilty.

The affidavit and subsequent press releases from the IFPI and DoJ don’t say that the domain owners are being prosecuted. But seizing their domains consequently shuts down their platforms. And it turned out that getting them wasn’t hard since they all had some link to the United States.

Corourbanos.com, Corourbano.com,Pautamp3.com and SIMP3.com use the top-level domain “.com.” VeriSign is the.com registry, and it is near Reston, Virginia. This means that it shouldn’t be hard to seize the domains at the highest level.

Verisign had to point the domains to two name servers (ns1.seizedservers.com and ns2.seizedservers.com). The main aim of this was to stop any changes or transfers until the prosecution proceedings were over. The registry asked to tell GoDaddy and Namecheap this information. These two companies from the U.S can make necessary administrative changes.

Both Flowactivo.co and Mp3Teca.ws were taken over differently. The reason behind this is their domain registries are not in the United States. The.ws registry is in Samoa, and the.co registry is in Bogotá, Colombia.

This was an easy problem to solve by just ignoring these overseas registries. HSI/ICE took a step back and went after the domain’s registrar instead. GoDaddy LLC, based in Scottsdale, Arizona, was given the same name server and modification prevention instructions as Verisign. So the result was the same in terms of how it worked.

Domains Seized For Brazil. Interesting

The HSI/ICE affidavit filed in Virginia doesn’t say anything about working with Brazilian authorities or Operation 404. The seizures were a part of this. This is where the seizures start to make less sense, at least based on how both U.S. and Brazilian authorities explain them.

Traffics On The Site

SimilarWeb data shows that about 1.1 million people visited Corourbanos.com every month. But the same information shows that most visitors came from Peru (50 percent), the Dominican Republic (12.4%), and Chile (9.4 percent ). Only 6.4% came from the United States, and less than 3% came from Mexico.

Only about 76,000 people went to Corourbano.com each month, and just over 89 percent of them came from Peru. Less than 6% came from Spain, and the Dominican Republic and Guatemala followed with 3% and 2% each. In short, Brazilians, who mostly speak Portuguese, didn’t care much about these two areas in Spanish.

Pautamp3.com continues a similar pattern. About 4% of Brazil’s population speaks Spanish, so it makes sense that about 27% of its visitors are from Spain, 17% are from Argentina, 11% are from Mexico, 6% are from Chile, and 5.5 are from Ecuador. The amount of traffic from Brazil and the U.S. is minimal, no matter how we see it.l

SIMP3.com is also available in Spanish, and Spain (30%), Mexico, Argentina, Peru, and Colombia are the countries with the most users (6 percent ). Again, interest in Brazil is negligible.

Flowactivo.co is also in Spanish, but it goes against the trend in that 37% of its visitors come from the United States. After that, Spain, Italy, and Venezuela are next in line. But the site doesn’t get anywhere near 1.6 million visits per month, which is what the affidavit says. Data from SimilarWeb shows that only 130K people visited the platform each month over the last three months.

Also, the traffic claims for Mp3Teca.ws seem too high. The affidavit says that there are 1.4 million visits per month, but SimilarWeb says that there have been between 800,000 and 1,000,000 visits per month over the past three months. Again, the site is not even popular in Brazil or the U.S. Most visitors come from Venezuela (20%), followed by the Dominican Republic, Spain, Mexico, and Ecuador (7 percent ).

Conclusion

From the small amount of data, it’s hard to draw solid conclusions. Although it is interesting that none of the six domains that the U.S. seized, supposedly to help a Brazilian anti-piracy operation, are of much interest to pirates in Brazil. On the other hand, the recording industry outside of Brazil, mainly in Spanish-speaking countries, will benefit, but why that had to do it through the U.S. and Brazil is another question.

The fact that the U.S. keeps looking at Brazil for not doing enough to stop piracy could be part of the answer. It’s on the USTR’s Special 301 Watch List (pdf) because it hasn’t done enough to stop IPTV piracy, for example. Streaming devices were also a big part of the most recent phase of Operation 404.

Another essential thing to learn is that if pirate sites use a domain whose registry or registrar is in the United States, it can be taken away immediately. This makes me wonder why the U.S. hasn’t gone after the hundreds of other pirate sites that get more traffic than even the most popular of the six seized domains.

Teddy Sagi Author

Leave a Reply

Your email address will not be published. Required fields are marked *