Feeds

Phishing, cybersquatting scum could ruin gTLD fun for biz

Expert: Firms can't judge the risk until ICANN approves the domains

High performance access to file storage

Businesses face extra costs and risks because of new internet domains, but the publication of a list of newly applied-for domains will not allow them to calculate those risks precisely, an expert has said.

Last summer directors at the Internet Corporation for Assigned Names and Numbers (ICANN), which is the body that oversees the identification of websites, voted to increase the number of gTLDs from the current number of 22. Top level domains are the suffixes to addresses and include familiar address endings such as .com, .org and .net. The first round of applications for the new gTLDs opened in January and closed last month.

On Wednesday ICANN published the full list of potential new generic 'top-level' domains (gTLDs) that have been applied for in its first round of applications. ICANN has previously said it wanted to "unleash the global human imagination" by extending the number of top level domains.

There are 1,930 applications, many from individual organisations or trade bodies, including Apple, Google and Microsoft. The list of domains applied for includes .bbc, .bank, .google and .london, with many firms competing for ownership of single domains.

More domains, more cybersquatters

However, concerns have been raised that increasing the number of domains will only increase the number of potential web addresses that could be obtained by 'cybersquatters'. Cybersquatting occurs when people buy domain names with the purpose of selling them on to trade mark owners for a profit.

Trade mark law expert Gillian Anderson of Pinsent Masons, the law firm behind Out-Law.com, said that businesses may not be able to account for the threat of cybersquatting until new gTLDs are actually approved.

"The main challenge brand owners face following the full list of newly applied gTLDs being released is identifying those gTLDs which will prove to be key to their businesses," Anderson said. "For example, KPMG has applied for the gTLD .KPMG, however as gTLD applications have been filed for .accountant and .accountants, it is likely that KPMG would also look to secure domain names such as KPMG.accountant and KPMG.accountants."

"Similarly we have seen several car manufacturers apply for gTLDs which incorporate their brands while .car and .cars has also been applied for," she said.

"As the gTLDs have not yet been approved it is difficult to predict the exact cost and potential harm the new gTLDs may bring to brand owners. However it is unquestionable that brand owners will incur additional costs in securing defensive registrations once the gTLDs become live," Anderson said. "At the launch ICANN was firmly of the opinion that the evaluation process and the pre- and post-delegation rights-protection mechanisms would prevent any harm being caused to brand owners; time will tell whether that is accurate or not."

Anderson added that companies should also be aware of potential new 'internationalised domain names' (IDNs) that could be registered in languages other than English, such as Chinese.

"The IDNs are of particular interest because they open up the internet in a way we have never seen before," she said. "Some of the IDNs applied for include transliterations of .com and .net. While a Hong Kong based company has applied for the Chinese equivalent of .trademark. If approved, brand owners must ensure that they have a strategy for securing key registrations in order to avoid infringement of its brands taking place."

The applications that have been submitted are now subject to an initial evaluation by ICANN. The review will check whether the applied-for domain is "so similar to others that it would cause user confusion" and "whether the applied-for gTLD string might adversely affect [domain name system] security or stability," among other things.

As part of the evaluation process new gTLD applicants must also set out how they would police "abusive registrations and other activities that affect the legal rights of others" as well as how they would "implement safeguards" to reduce the likelihood of "phishing or pharming".

Disputes

ICANN said it will evaluate the applications it has received in batches and that companies would have approximately seven months to raise any objections to the establishment of any of the new gTLDs proposed. It has established a dispute resolution framework that enables objections to be raised.

ICANN must then review the potential new gTLDs that have been applied for by more than one organisation and determine which organisation should own the contested domains. Thirteen applications were made for ownership of .app, which is the most contested of any of the new potential gTLDs.

Work has also begun on the establishment of a new 'trade mark clearinghouse' which would allow registries operating any new gTLDs to check whether proposed new domain names would interfere with the rights of others. Trade mark owners will also have access to the database of information in order to assert their rights.

Earlier this year the European Banking Authority (EBA) expressed its concern to ICANN over aspects of the proposed gTLDs expansion. It asked ICANN to withdraw the availability of .bank as a potential suffix.

Andrea Enria, chair of the EBA, said the regulator was concerned that consumers could be exposed to financial scams as a result of .bank and .fin being made available. She added that consumers could think that websites registered with .bank or .fin domains have been endorsed by financial regulators when they may not be.

"The potential for consumers of financial services to over-rely on what might be perceived as 'regulatory endorsement' of the companies operating under such TLDs is immense, and the risk for new types of fraud and 'phishing' can be enormous," Enria said.

"The same can be said of the danger for confusion regarding the operation of legitimate websites by 'true' financial institutions and regulated entities. This could lead to the need for them to establish costly and complex legal or commercial initiatives in order to safeguard their trademarks from frauds and abuses," she said.

Enria had also identified potential regulatory issues because websites rooted at .bank would "not [be] linked to a specific country, to a specific supervisor or to a specific regulatory framework."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

3 Big data security analytics techniques

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.