ICANN Should Look Before It Leaps: Part II

September 24, 2013

Yesterday, I wrote about the proposal by the Internet Corporation for Assigned Names and Numbers (ICANN) (which manages domain names (DNS) on the Internet) to expand dramatically the number of those names. Rather than the 22 names we all know (e.g., “.com” “.gov”), ICANN now intends to add more than a thousand new names – but so far, without sufficient care about the potential harms to consumers, businesses and Internet users. These concerns about an overly rapid Top Level Domain rollout are very widespread. Governmental entities – and even ICANN’s own subgroups – have identified serious potential harms.  

Here is what some of our leading companies and industries are saying:

  • A coalition of electric cooperatives in New Mexico:  “[ we are ] concerned about the potential for the gTLD expansion to disrupt and compromise the security of not only their computer networks and communications systems, but also the infrastructure and facilities – such as power lines, switches, substations and transformers – used to transmit and distribute electricity throughout their service regions. …The Electric Cooperatives are concerned that this expansion of Internet addresses could compromise network security… The Electric Cooperatives believe that it is not solely their four cooperatives that face this threat, but all of the electric utility industry and, indeed, potentially the entire energy sector throughout the United States.”

    The electric cooperatives went on to state, “the Electric Cooperatives urge ICANN to delay the roll-out and implementation of the new  gTLDs, so as to provide sufficient time to study the potential adverse impacts of new gTLDs on the safety and reliability of electric transmission and distribution grids.”
  • General Electric: “The correlation between frequency and risk for any particular gTLD cannot be determined without additional contextual information. ICANN should endeavor to develop a more sophisticated risk model, and commission further studies on this subject…We strongly urge ICANN to exercise due caution in this area, and to not delegate any gTLD for which there is any question regarding risk until that risk is fully understood.”
  • Microsoft, Verisign, and Yahoo:  “These issues must be addressed to preserve the stability, security and resiliency of the DNS. Allowing known risks to remain unresolved would be irresponsible and inconsistent with ICANN’s core mission. It is crucial that ICANN’s leadership recognizes and works with the appropriate technical bodies to ensure these issues and risks are defined, evaluated, and addressed comprehensively. This is of particular concern to operators of Internet infrastructure whose networks and customers will be negatively impacted. The cost to business of transferring known risks to unknowing end users is substantial and must be avoided.  As described by the SSAC [the Security and Stability Committee of ICANN] and verified by the recent Interisle study, the delegation of new strings that are already widely in use as internal identifiers in enterprise, government, and other private networks into the root of this multi-billion user ecosystem will present substantial security risks. If and when delegations occur, these naming collisions will cause breakage in existing networks, negatively impacting enterprises, governments, and end users who are unaware of the source of the problem.”

    Microsoft, Verisign, and Yahoo!  then emphasized, “Unexpected name collisions caused by new gTLDs being delegated into the root could have devastating consequences…Any such negative impacts may have serious consequences for those who rely on the DNS, and this should raise significant liability concerns.”
  • The United States Telecom Association (US Telecom), a major organization representing Verizon, AT&T, as well as other telecommunications entities, noted, “…it is feasible that public safety agencies may have internal local name spaces with the potential for collisions with new gTLDs. Similarly, there are several new proposed gTLDs that could potentially collide with internal local name spaces containing highly sensitive personal conditions, including .HIV. Of course, this does not take into account the various gTLDs with seemingly innocuous names (e.g. .FLS) that in a global environment that uses multiple languages, could very well resolve to internal local name spaces containing critical sensitive information."

    US Telecom then stated, “Given the uncertainty surrounding the potential for domain name collisions, combined with the uncertainty over the potential impact of such collisions, it is imperative for ICANN to conduct additional study on this issue. USTelecom strongly urges ICANN to conduct a follow-up study to more fully understand the full spectrum of risks to private networks, equipment and devices posed by all new gTLDs and to develop appropriate mitigation measures as necessary.”
  • The Online Trust Alliance (a global organization addressing the end-to-end trust issues and challenges faced by consumers, online merchants and online financial services companies): “A single domain collision has the potential to bring down the entire IT organization of an enterprise… ICANN should undertake further study on this potentially serious and expensive remediation issue.”
  • The Chertoff Group (a global security advisory firm headed by former Secretary of Homeland Security Michael Chertoff, and whose team includes former CIA Director Michael Hayden):  “…we believe it is prudent to conduct additional analysis on the security and liability risks associated with these new gTLDs, particularly with regard to key resources and critical infrastructure.”
  • The American Insurance Association: “…the current 21-day comment period provides insufficient time to research this issue. We … respectfully request that ICANN grant an extension of time” [to conduct research].

So, let’s see: electricity providers; national security experts; telecommunications providers; insurers; Internet users; large manufacturers; national advertisers; and groups representing business generally—these are just some of the entities that stress that we’re not ready for a major deployment of new gTLDs, and that the rush to roll them out will expose consumers, businesses and users of the Internet to major risk of harm.  The concern about ICANN’s plans is growing and very serious. ANA believes ICANN needs to step back, collect more information, and assess the potential implications before delegating new strings into the root. If not, the very stability and security of the Internet will be jeopardized.

You must be logged in to submit a comment.