Feeds

Phishing, cybersquatting scum could ruin gTLD fun for biz

Expert: Firms can't judge the risk until ICANN approves the domains

Secure remote control for conventional and virtual desktops

Businesses face extra costs and risks because of new internet domains, but the publication of a list of newly applied-for domains will not allow them to calculate those risks precisely, an expert has said.

Last summer directors at the Internet Corporation for Assigned Names and Numbers (ICANN), which is the body that oversees the identification of websites, voted to increase the number of gTLDs from the current number of 22. Top level domains are the suffixes to addresses and include familiar address endings such as .com, .org and .net. The first round of applications for the new gTLDs opened in January and closed last month.

On Wednesday ICANN published the full list of potential new generic 'top-level' domains (gTLDs) that have been applied for in its first round of applications. ICANN has previously said it wanted to "unleash the global human imagination" by extending the number of top level domains.

There are 1,930 applications, many from individual organisations or trade bodies, including Apple, Google and Microsoft. The list of domains applied for includes .bbc, .bank, .google and .london, with many firms competing for ownership of single domains.

More domains, more cybersquatters

However, concerns have been raised that increasing the number of domains will only increase the number of potential web addresses that could be obtained by 'cybersquatters'. Cybersquatting occurs when people buy domain names with the purpose of selling them on to trade mark owners for a profit.

Trade mark law expert Gillian Anderson of Pinsent Masons, the law firm behind Out-Law.com, said that businesses may not be able to account for the threat of cybersquatting until new gTLDs are actually approved.

"The main challenge brand owners face following the full list of newly applied gTLDs being released is identifying those gTLDs which will prove to be key to their businesses," Anderson said. "For example, KPMG has applied for the gTLD .KPMG, however as gTLD applications have been filed for .accountant and .accountants, it is likely that KPMG would also look to secure domain names such as KPMG.accountant and KPMG.accountants."

"Similarly we have seen several car manufacturers apply for gTLDs which incorporate their brands while .car and .cars has also been applied for," she said.

"As the gTLDs have not yet been approved it is difficult to predict the exact cost and potential harm the new gTLDs may bring to brand owners. However it is unquestionable that brand owners will incur additional costs in securing defensive registrations once the gTLDs become live," Anderson said. "At the launch ICANN was firmly of the opinion that the evaluation process and the pre- and post-delegation rights-protection mechanisms would prevent any harm being caused to brand owners; time will tell whether that is accurate or not."

Anderson added that companies should also be aware of potential new 'internationalised domain names' (IDNs) that could be registered in languages other than English, such as Chinese.

"The IDNs are of particular interest because they open up the internet in a way we have never seen before," she said. "Some of the IDNs applied for include transliterations of .com and .net. While a Hong Kong based company has applied for the Chinese equivalent of .trademark. If approved, brand owners must ensure that they have a strategy for securing key registrations in order to avoid infringement of its brands taking place."

The applications that have been submitted are now subject to an initial evaluation by ICANN. The review will check whether the applied-for domain is "so similar to others that it would cause user confusion" and "whether the applied-for gTLD string might adversely affect [domain name system] security or stability," among other things.

As part of the evaluation process new gTLD applicants must also set out how they would police "abusive registrations and other activities that affect the legal rights of others" as well as how they would "implement safeguards" to reduce the likelihood of "phishing or pharming".

Disputes

ICANN said it will evaluate the applications it has received in batches and that companies would have approximately seven months to raise any objections to the establishment of any of the new gTLDs proposed. It has established a dispute resolution framework that enables objections to be raised.

ICANN must then review the potential new gTLDs that have been applied for by more than one organisation and determine which organisation should own the contested domains. Thirteen applications were made for ownership of .app, which is the most contested of any of the new potential gTLDs.

Work has also begun on the establishment of a new 'trade mark clearinghouse' which would allow registries operating any new gTLDs to check whether proposed new domain names would interfere with the rights of others. Trade mark owners will also have access to the database of information in order to assert their rights.

Earlier this year the European Banking Authority (EBA) expressed its concern to ICANN over aspects of the proposed gTLDs expansion. It asked ICANN to withdraw the availability of .bank as a potential suffix.

Andrea Enria, chair of the EBA, said the regulator was concerned that consumers could be exposed to financial scams as a result of .bank and .fin being made available. She added that consumers could think that websites registered with .bank or .fin domains have been endorsed by financial regulators when they may not be.

"The potential for consumers of financial services to over-rely on what might be perceived as 'regulatory endorsement' of the companies operating under such TLDs is immense, and the risk for new types of fraud and 'phishing' can be enormous," Enria said.

"The same can be said of the danger for confusion regarding the operation of legitimate websites by 'true' financial institutions and regulated entities. This could lead to the need for them to establish costly and complex legal or commercial initiatives in order to safeguard their trademarks from frauds and abuses," she said.

Enria had also identified potential regulatory issues because websites rooted at .bank would "not [be] linked to a specific country, to a specific supervisor or to a specific regulatory framework."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.