ICANN Should Look Before It Leaps: Part I

September 23, 2013

The Internet Corporation for Assigned Names and Numbers (ICANN) manages domain names (DNS) on the internet, and it is planning a dramatic expansion of those names. Rather than the 22 names we all know (e.g., “.com” “.gov”), ICANN now intends to add potentially more than a thousand new names. Unfortunately, as the Association of National Advertisers has been warning for some time, ICANN appears to be rushing to deploy those names without taking the necessary steps to ensure the stability and security of the internet. The potential harms to consumers, businesses and internet users could be very serious, increasing the dangers of fraud, deception, phishing, cybersquatting and other cyber harms. Yet ICANN plows ahead on its determined – and potentially very dangerous – schedule.

Various governmental entities have stated real concerns about the DNS expansion. Officials at the Federal Trade Commission (FTC) have said that, “the potential for consumer fraud is great," and that the planned deployment was a “potential disaster.” Commissioner Julie Brill stated at ANA’s Advertising Law & Public Policy Conference, “I remain concerned, as I have been since ICANN first announced its plans, that the expansion could create opportunities for scammers to defraud consumers online, shrink law enforcement’s ability to catch scam artists, and divert the resources of legitimate businesses into litigating and protecting their own good names.” The Chairman of the U.S. Senate Committee that oversees internet issues, Jay Rockefeller, wrote to ICANN urging that a limited round of domain name deployment be done at first, so as to permit a one-year review period as to its effectiveness. In July, the U.S. Senate Appropriations Subcommittee with jurisdiction over internet issues called on the Department of Commerce to assess whether ICANN will have in place the necessary security elements to protect stakeholders during the DNS deployment.

ICANN itself, in a recent report by its own independent consultant (The Interisle Consulting Group), acknowledges the potential for harm, in particular from name collisions (i.e., a clash between existing internal domains and newly applied-for top level domain names – such as “.corp” or “.home”). The report found that almost all applied-for TLDs have some risk of clashes, and that the harm might become apparent only after a new name had been delegated. While the report is inadequate (e.g., it studied only numbers  not kinds  of clashes, such as critical network outages for companies or critical system failures like gas pipeline or electric grid harms), ICANN itself acknowledges the potential for problems. 

Two groups within ICANN itself have recently expressed similar concerns. ICANN’s GNSO Business Constituency stated, “The main concern of the BC is ensuring that any potential for domain name collision in the private network environment  including the continuity and availability of in-house corporate IT systems – be fully studied, understood and remediated before new gTLDs are introduced into the root…. We urge ICANN to complete additional studies on the name collision issues to more fully understand ‘acceptable risk…'”

The Intellectual Property Constituency said, “Given the serious possibility of security risks and consumer confusion, interested and concerned parties require additional time to analyze the Interisle Consulting Group’s report, ICANN’s proposals, and to conduct and analyze data collected through their own efforts.”

ICANN needs to heed these warnings and not launch a vast array of new gTLDs until all the needed security and safety analyses have been completed and adequate protections have been put in place.

Tomorrow we will discuss the numerous other groups that have echoed and amplified these concerns about a premature rollout of gTLDs by ICANN.

You must be logged in to submit a comment.