Since October of 2013, the Internet Corporation for Assigned Names and Numbers (ICANN) has made a transition towards the expansion of top-level names. This action has sparked concern in Internet stakeholders in regards to security concerns. ICANN was previously responsible for managing 22 domain names, including, “.com,” “.gov,” and others. With plans to rapidly rollout more names, government entities, businesses, consumers, and internet users have recognized a number of the associated security concerns. Today, there are 322 new top-level domains (TLDs) that have been granted by ICANN.
What are the resulting security threats?
Phishers and scammers have grown in number since the growth of TLDs, hijacking domains shortly after registration. There have also been instances of malware and phishing pages registered under specific and popular TLDs, transferring risks to users. The lack of preparation and security that exists in the Internet ecosystem is a perfect environment for criminals to display malicious activity. Domain name collisions are occurring due to TLDs colliding with old and unresolved names that have been embedded in the global root. The result of such collisions is server delay, outages, and data theft that leave consumer information exposed. Malware and cybersquatting have also been exhibited in the top 35 most trafficked new TLD sites. TLDs continue to cause confusion and lack of security, with 36 being permitted to have singular and plural versions [e.g., .car(s), .work(s)], and 44 possessing close alternatives, such as .finance/.financial and .engineer(ing).
How are consumers affected by the threats?
The government, businesses, brands, and consumers are all affected by TLDs through various outlets of threats. Since White House’s domain is whitehouse.gov, there is no control over what kind of site is run from whitehouse.com. Unregistered and trademark brands alike also lie outside of the realm of protection by the ICANN Trademark Clearinghouse. With new TLDs, there have been threats via click-through fraud within pay-per-click advertising platforms like Google’s AdWords. On second level domain registrations, consumers have increasingly fallen victim to identity theft. This occurs because ICANN does not fully review their domain name applications, resulting in consumers perceiving closely-related names of banks or credit cards as the real company. Consumer confidence has deteriorated through occurrences of charity fraud during natural disasters, spam emails that appear to be sent from legitimate banks, and product counterfeiting through foreign-registered websites.
Have any resolutions been negotiated to address the security issues?
Today, all registrars of ICANN must follow the Uniform Domain Name Dispute Resolution Policy. Disputes that come from malicious registrations of domain names will be addressed by administrative proceedings in an expedited manner. These proceedings involve filing a complaint with an approved dispute resolution service provider.
However, the volume of new TLDs that ICANN offers without proper administration cannot be overshadowed by a resolution policy that fails to address the totality of issues. The Internet has been left prone to exploitation with initiatives that have not been implemented. The industry must continue to watch over ICANN and hold it accountable. Consumers can only be aware of the emails and links they click on to a limited extent, just as companies can only go so far as to implement a brand monitoring process to defend themselves against new TLDs and the dangers they pose.
At our law firm, we assist clients in legal issues related to internet, technology, and domain name disputes. You may contact us in order to setup an initial consultation.