Running an Internet domain is a little like generating nuclear power: do it right, and you safely provide an important resource to a grateful community; do it wrong, and…well, let’s just say you don’t want to do it wrong.
That may explain why business leaders are so concerned about the latest iteration of ICANN’s plan to create potentially hundreds of new Internet domains.
I did my best to highlight those concerns when I spoke before the ICANN Board at the public forum here in Mexico City Thursday. Operators of new top-level domains will have a leading role in protecting consumers from fraud and phishing scams. In addition they must prevent abusive registrations intended to extort money out of brand owners. Defending against so-called “cybersquatting” already costs companies millions of dollars annually. The introduction of an unprecedented number of domains could increase those costs exponentially, if it isn’t handled carefully.
But in the draft “guidebook” for potential new domain operators, the standard for preventing abusive registrations is currently set dangerously low. Applicants can get a passing score by simply describing what — if anything — they intend to do to prevent abusive registrations.
That’s it. There’s no requirement that applicants even have a plan and the expertise to make it work. From a business perspective, that simply isn’t good enough.
As I told the board, ICANN must “raise the bar” for new domain applicants. Put simply, applicants should not be able to get a passing score unless they have adopted industry best practices for protection of consumers. There is no silver bullet to address the problem, but there are known methods that, used in concert, can protect consumers and brand-holders alike. It is ICANN’s responsibility to require applicants to implement real protections for consumers and global brands.
And abusive registrations are just the tip of the iceberg as far as challenges that will face new registry operators. As cyber-crime grows in scope and complexity, some ICANN board members have expressed open concern that smaller, less experienced registry operators will not be able to keep pace with the rising tide of increasingly sophisticated attacks that they will face.
An improperly secured registry could become not just a victim of electronic attacks, but an unwitting tool for cyber-criminals. We all want this new domain experiment to work, because the alternative is frankly terrifying. The first, and most important step will be to set a high bar for those seeking to operate these critical global resources.