[bc-gnso] Washington Post: Web industry officials balk at domain expansion plan

[Phil Corwin <psc@xxxxxxxxxxx>]

http://www.washingtonpost.com/business/technology/web-industry-officials-balk-at-domain-expansion-plan/2013/07/14/c69dcda4-ea69-11e2-a301-ea5a8116d211_story.html?utm_source=buffer&utm_campaign=Buffer&utm_content=buffer4db6b&utm_medium=twitter
Web industry officials balk at domain expansion plan
By Craig 
Timberg<http://www.washingtonpost.com/craig-timberg/2011/05/17/AFM2rbAH_page.html>,
 Published: July 14

A plan to dramatically expand the number of possible Web 
addresses<http://www.washingtonpost.com/business/technology/donuts-incs-major-play-for-new-web-domain-names-raises-eyebrows/2012/09/24/c8745362-f782-11e1-8398-0327ab83ab91_story.html>
 — by adding more than 1,000 new domains such as “.buy,” “.casino” and “.gay” — 
could cause widespread disruption to Internet operations, say some industry 
officials.

Efforts to augment existing domains such as “.com” and “.gov” have been 
underway for several years and are entering a critical new phase as industry 
officials meet at an international conference that began Sunday in Durban, 
South Africa. By summer’s end, the new domains could be going live at a pace of 
20 or more each week.

The plan has touched off a scramble among investors eager to gain control of 
the virgin Internet real estate, potentially worth billions of dollars in 
annual licensing fees. But a vocal group of critics is calling the speed and 
scale of the expansion reckless, given its possible impact on the Internet’s 
global infrastructure, which relies on interactions among computer networks 
owned by companies, universities and individual users.

Particularly troubling is the possibility of widespread “name collisions” that 
could happen when domains used by internal corporate computer systems — such as 
“.corp” or “.home” — get assigned to the Web more broadly. This could cause 
systems to fail, blocking access to e-mail or other internal programs, and also 
could open sensitive information to theft, some experts say.

“This could affect a million enterprises,” said Danny McPherson, chief security 
officer for Verisign, which is based in Reston and manages several of the most 
popular existing domains. “It could absolutely break things.”

McPherson and other security experts say the nonprofit group that oversees the 
designation of Web addresses, the Internet Corporation for Assigned Names and 
Numbers (usually known by its acronym, 
ICANN<http://www.washingtonpost.com/business/technology/icann-set-to-release-list-of-new-domain-proposals/2012/06/12/gJQAbVoPXV_story.html>),
 has not done enough study on the impact of the new domain names and does not 
have procedures in place to respond quickly if systems malfunction. Among those 
posing risk could be domains such as “.med” or “.center” that might be critical 
to the functioning of medical systems or emergency-response networks.

Similar concerns have been expressed by the Association of National 
Advertisers, which represents hundreds of major companies, and the Internet 
commerce site PayPal, which issued a letter in March saying, “The potential for 
malicious abuse is extraordinary, [and] the incidental damage will be large 
even in the absence of malicious intent.”

Defenders of the plan have called such fears overblown, arguing that the 
potential problems have been long understood and will be resolved before new 
domains are approved. Because the new domains will be released gradually, over 
the course of months, there will be time to manage problems as they arise, said 
Jeffrey Moss, chief security officer for ICANN.

“It’s not like it’s a runaway train without recourse,” Moss said. “We’re not 
going to do anything that harms the security or stability of the Internet.”

U.S. 
officials<http://www.washingtonpost.com/wp-dyn/content/article/2011/02/28/AR2011022803719.html>
 who oversee Web security issues through the Commerce Department’s National 
Telecommunications and Information Administration expressed confidence in the 
management of the domain program, issuing a statement saying, “We would expect 
these issues to be discussed and resolved within the ICANN multistakeholder 
process.”

Whoever wins control of the new domains will be allowed to sell licensing 
rights for the resulting new Web addresses, typically for annual fees, with a 
portion going to fund ICANN, which is based in Southern California. Just 
bidding for a domain costs $185,000.

Donuts 
Inc.<http://www.washingtonpost.com/business/donuts-inc-and-its-domain-duel/2012/09/25/352c3e44-074a-11e2-afff-d6c7f20a83bf_video.html>,
 an investment group that made the largest number of bids, with 307, said 
Verisign’s criticism of the process for launching the new domains was a result 
of self-interest. The company controls the popular “.com” and “.net” domains — 
giving it a degree of market power that could be diluted if new ones gain 
widespread acceptance.

“ICANN was created in large part to break Verisign’s monopoly over domain 
names,” Donuts spokesman Mason Cole said in a statement. “Now that the 
organization is on the verge of achieving that goal, it’s not surprising that 
Verisign is uncomfortable.”

Verisign officials say they support the program for adding new domains but 
believe the rollout should proceed more cautiously than currently planned.

The stakes are high in an era when a large and growing share of the world’s 
economic activity happens over the Internet. Even traditional brick-and-mortar 
businesses use online systems to communicate, manage inventories and interact 
with customers. Many also count on the security of networked computer systems 
to protect lucrative intellectual property and other valuable strategic 
information.

Moss, the ICANN security chief, acknowledged that some internal corporate 
systems will malfunction as new domains are created, and he said it would be 
the responsibility of company officials to resolve these problems.

“We want everything to work, and we’re going to try to make everything work, 
but we can’t control everybody’s networks on the planet,” he said.

Moss said the number of domains likely to cause problems is a “really, really 
small number.”

But critics have said it is irresponsible for ICANN to approve new domains 
before it knows the extent of the problems they would create and has plans in 
place to fix them. The cost of repairing systems — or the loss of security — 
would be borne by private companies that in most cases have little to gain from 
the hundreds of new Internet domains.

In addition to expressing such security concerns, corporate leaders have been 
complaining that the sheer number of new domains will cause a sharp rise in 
fraud and abuse as criminals buy up Web addresses intended to deceive 
consumers. Already, many companies are attempting to defend against this by 
acquiring many different Web addresses that include their corporate names. But 
that will become far more difficult, they say, with hundreds of new domains, 
including “.corp,” “.inc” and “.sucks.”

“If everything ran perfectly, this would extraordinarily transform the 
Internet,” said Dan Jaffe, executive vice president of the Association of 
National Advertisers. “There is every reason to believe that, as of now, there 
could be serious problems.”

Sign up today to receive #thecircuit, a daily roundup of the latest tech policy 
news from Washington and how it is shaping business, entertainment and science.



Philip S. Corwin, Founding Principal

Virtualaw LLC

1155 F Street, NW

Suite 1050

Washington, DC 20004

202-559-8597/Direct

202-559-8750/Fax

202-255-6172/cell



"Luck is the residue of design" -- Branch Rickey