On February 15, the Website for the popular Web form builder JotForm was taken down by its host, GoDaddy, pursuant to a Secret Service investigation. GoDaddy redirected -- without notice -- Jotform.com and its pages (though, strangely, not Jotform.net, another domain owned by the company, to which JotForm wound up migrating all of its content as an interim fix) to NS1.SUSPENDED-FOR-SPAM-AND-ABUSE.COM.
GoDaddy and the feds have kept him in the dark, but JotForm cofounder Aytekin Tank suspects that the takedown had to do with a user-generated phishing form -- a problem JotForm has dealt with for some time.
According to Tank, JotForm uses sophisticated filter technology to weed out phishing forms and suspected phishers from its service. In 2011, it suspended 65,000 user accounts. However, as Tank explains in a company blog post, with 2 million user forms on the site belonging to approximately 700,000 users, "it is not possible for us to manually review all forms."
After being down for more than 24 hours, Jotform.com went live again the next day by 5:00 p.m. EST. By that time, however, a lot of brand damage was done. "Many users were unhappy and lost trust in us," Tank wrote. "We might lose many of our customers."
A sampling of the comments on JotForm's company blog supports Tank's prediction:
- "What kind of content caused this? This is a serious allegation that demands an explanation from you."
- "This is going to cause us quite a bit of work for our company and when we're paying monthly for a service, I think we deserve a bit more info and security that its not going to happen again 2 weeks down the line."
- "Jotform sucks. Always some sort of problem. I will never again use or recommend Jotform. Already cancelled my subscription and will tell my friend to do so as well."
- "We are a multimillion dollar Canadian company that has used jotform the last year for customer inquires. They have been very reliable. However because of what has happened now we will have to implement an internally hosted solution to guarantee this will not happen again and ensure we will not loose [sic] our data. I will now have to question purchasing any more services from US internet related providers."
A more telling comment, referring to the recent boycott protesting GoDaddy's initial support for SOPA, may yet identify the real problem: "What did you expect from godaddy? This is completely your fault for not leaving that [expletive] company with all the others."
The JotForm takedown appears to have occurred in response, not to a warrant or other court order -- unlike most seizures under the much-criticized "Operation In Our Sites" undertaken by US ICE (Immigration and Customs Enforcement) -- but to a law enforcement request. GoDaddy's general counsel, Christine Jones, testified to Congress a year ago this month that GoDaddy regularly complies with mere prosecutor requests to take down material.
In other words, GoDaddy does not wait for due process. It apparently does whatever law enforcement agencies ask it to do. If you're a law enforcement agency, why bother to get a court order when you're dealing with fully complicit host providers?
As Tank writes, "This can happen to any web site that allows user generated content."
In a January 2011 post here on Internet Evolution, I argued that the electronics communications world needs major service providers to stand up to government on civil liberties and user rights, setting an example for others. This is even truer today in our alphabet soup climate of SOPA, PIPA, ACTA, and TPP -- bills that would give the government far too much power to infringe upon our online civil liberties.
Unfortunately, the JotForm takedown demonstrates that the US government can get along just fine in restricting our online liberties even without such laws, especially when GoDaddy and other online service providers are happy to help.
— Joe Stanganelli is a writer, attorney, and communications consultant. He is also principal and founding attorney of Beacon Hill Law in Boston. Follow him on Twitter at @JoeStanganelli.