Response to proposals (revised) for new gTLDs

[<peter.taylor@xxxxxxxxx>]

I am responsible for information security (including assurance of the security 
of our Internet customers) for an established financial services business.  In 
this role I have noticed a significant trend towards use of
internet domain capture and brand impersonation as part of a range of attempt 
to misdirect or defraud our customers.

Reading through the proposed framework for the new generic TLDs I am concerned 
that this proposal will bring about significant escalation of this type of 
fraudulent and/or malicious activity.

Customers on line are already faced with a daunting level of complexity in the 
navigation of on line services.  They can be forgiven to some extent for not 
clearly understanding the risks posed by misleading web domains or
misdirected search results even given the current domain space available.

This limited understanding in the consumer community leaves the onus on service 
providers and 'Internet structural' organisations (including ICANN)
to provide protection and safeguards against fraud on line.  As a result 
organisations offering services via the internet already have to invest 
disproportionate effort and funding in to managing and tracking use of
their brands on line.  This is both to protect their business and to protect 
customers against fraud such as 'phishing, 'pharming' and other 'scamming' 
activities.

The proposed extension to the gTLD space seem to me to increase the burden on 
consumers and service provider without addressing the structure for management 
of web domains to offset these risks.  This can only be to the
detriment of consumers, business and ultimately the Internet as a whole.

To address this I would like to see ICANN consult more widely with the Internet 
business and service communities, and also with consumer organisations in all 
of the major geographic areas to assess and address the impact of imperfect 
domain management on these stakeholders.  I would
also expect introduction of new gTLDs to be accompanied by stronger of 
protection for brand owners.  This might include more stringent controls within 
the registration process and also more pro-active controls around
the integrity of registrant data.  This should have a particular focus on 
consumer facing brands, for example an increased 'burden of proof' of ownership 
of a trademark brand before rights to a related domain are granted.

I would also like to endorse the recommendations of other bodies in regard to 
this, particularly the submission from Irfan Salim President and CEO of 
Markmonitor Inc.

Yours Sincerely

Peter F Taylor CISSP, CITP, MBCS
Information Security Manager
Bradford & Bingley