Feeds

Phishing, cybersquatting scum could ruin gTLD fun for biz

Expert: Firms can't judge the risk until ICANN approves the domains

The Essential Guide to IT Transformation

Businesses face extra costs and risks because of new internet domains, but the publication of a list of newly applied-for domains will not allow them to calculate those risks precisely, an expert has said.

Last summer directors at the Internet Corporation for Assigned Names and Numbers (ICANN), which is the body that oversees the identification of websites, voted to increase the number of gTLDs from the current number of 22. Top level domains are the suffixes to addresses and include familiar address endings such as .com, .org and .net. The first round of applications for the new gTLDs opened in January and closed last month.

On Wednesday ICANN published the full list of potential new generic 'top-level' domains (gTLDs) that have been applied for in its first round of applications. ICANN has previously said it wanted to "unleash the global human imagination" by extending the number of top level domains.

There are 1,930 applications, many from individual organisations or trade bodies, including Apple, Google and Microsoft. The list of domains applied for includes .bbc, .bank, .google and .london, with many firms competing for ownership of single domains.

More domains, more cybersquatters

However, concerns have been raised that increasing the number of domains will only increase the number of potential web addresses that could be obtained by 'cybersquatters'. Cybersquatting occurs when people buy domain names with the purpose of selling them on to trade mark owners for a profit.

Trade mark law expert Gillian Anderson of Pinsent Masons, the law firm behind Out-Law.com, said that businesses may not be able to account for the threat of cybersquatting until new gTLDs are actually approved.

"The main challenge brand owners face following the full list of newly applied gTLDs being released is identifying those gTLDs which will prove to be key to their businesses," Anderson said. "For example, KPMG has applied for the gTLD .KPMG, however as gTLD applications have been filed for .accountant and .accountants, it is likely that KPMG would also look to secure domain names such as KPMG.accountant and KPMG.accountants."

"Similarly we have seen several car manufacturers apply for gTLDs which incorporate their brands while .car and .cars has also been applied for," she said.

"As the gTLDs have not yet been approved it is difficult to predict the exact cost and potential harm the new gTLDs may bring to brand owners. However it is unquestionable that brand owners will incur additional costs in securing defensive registrations once the gTLDs become live," Anderson said. "At the launch ICANN was firmly of the opinion that the evaluation process and the pre- and post-delegation rights-protection mechanisms would prevent any harm being caused to brand owners; time will tell whether that is accurate or not."

Anderson added that companies should also be aware of potential new 'internationalised domain names' (IDNs) that could be registered in languages other than English, such as Chinese.

"The IDNs are of particular interest because they open up the internet in a way we have never seen before," she said. "Some of the IDNs applied for include transliterations of .com and .net. While a Hong Kong based company has applied for the Chinese equivalent of .trademark. If approved, brand owners must ensure that they have a strategy for securing key registrations in order to avoid infringement of its brands taking place."

The applications that have been submitted are now subject to an initial evaluation by ICANN. The review will check whether the applied-for domain is "so similar to others that it would cause user confusion" and "whether the applied-for gTLD string might adversely affect [domain name system] security or stability," among other things.

As part of the evaluation process new gTLD applicants must also set out how they would police "abusive registrations and other activities that affect the legal rights of others" as well as how they would "implement safeguards" to reduce the likelihood of "phishing or pharming".

Disputes

ICANN said it will evaluate the applications it has received in batches and that companies would have approximately seven months to raise any objections to the establishment of any of the new gTLDs proposed. It has established a dispute resolution framework that enables objections to be raised.

ICANN must then review the potential new gTLDs that have been applied for by more than one organisation and determine which organisation should own the contested domains. Thirteen applications were made for ownership of .app, which is the most contested of any of the new potential gTLDs.

Work has also begun on the establishment of a new 'trade mark clearinghouse' which would allow registries operating any new gTLDs to check whether proposed new domain names would interfere with the rights of others. Trade mark owners will also have access to the database of information in order to assert their rights.

Earlier this year the European Banking Authority (EBA) expressed its concern to ICANN over aspects of the proposed gTLDs expansion. It asked ICANN to withdraw the availability of .bank as a potential suffix.

Andrea Enria, chair of the EBA, said the regulator was concerned that consumers could be exposed to financial scams as a result of .bank and .fin being made available. She added that consumers could think that websites registered with .bank or .fin domains have been endorsed by financial regulators when they may not be.

"The potential for consumers of financial services to over-rely on what might be perceived as 'regulatory endorsement' of the companies operating under such TLDs is immense, and the risk for new types of fraud and 'phishing' can be enormous," Enria said.

"The same can be said of the danger for confusion regarding the operation of legitimate websites by 'true' financial institutions and regulated entities. This could lead to the need for them to establish costly and complex legal or commercial initiatives in order to safeguard their trademarks from frauds and abuses," she said.

Enria had also identified potential regulatory issues because websites rooted at .bank would "not [be] linked to a specific country, to a specific supervisor or to a specific regulatory framework."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Build a business case: developing custom apps

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Trying to sell your house? It'd better have KILLER mobile coverage
More NB than transport links to next-gen buyers - study
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Speak your brains on SIGNAL-FREE mobile comms firm here
Is goTenna tech a goer? Time to grill CEO, CTO
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.