In March 2012, and on behalf of the ICANN Security Team, I published a thought paper on domain seizuers. The paper helps folks ask the right questions and gather the right information as they prepare a court order, to make clear exactly what actions the issuer expects.
This first thought paper is not an endorsement of seizures. It acknowledges that domains will beseized and that people issuing court orders for those seizures need to understand how domain names and DNS work to ensure that the seizures are done properly and, more importantly, to insure against collateral damage.
Following the Microsoft/FS-ISAC/NACHA action against the ZeuS botnet in March 2012, Michael Sandee published an analysis of operation b71 where he explained that collateral damage is not limited to suspending or making legitimate domains or web sites unreachable, that a criminal enterprise the size of ZeuS will no doubt be the target for numerous investigations, and that absent sufficient information sharing, cooperation, coordination and trust among investigating parties, there is too much room for error or interference; simply put, one party's success can hamper the erstwhile and equally important efforts of others.
In my post, Domain Name Seizures Prominent in Dismantling the ZeuS botnet, I wrote
Looking ahead, providing clear instructions for domain registries or registrars can be an important part of the level of detail that Dittrich insists must be provided. Coupling this with the kinds of reasonable efforts Sandee encourages to verify that domains listed in complaints are "harmful" when the legal orders are executed is equally important to minimize collateral damage.
Today, and again on behalf of the ICANN Security Team, I've published a second thought paper, Domain Seizures Act II: Minimizing Collateral Harm, that discusses the collateral harm resulting from operation b71, Jotform, and Mooo.com events and recommends steps that investigators can take to minimize collateral harm in future seizure actions.