Having heard that Kaspersky Lab, along with other cyber security outfits, were planning to launch the “Cyber Secure America Coalition,” we wondered if Eugene Kaspersky would mention the Coalition during his keynote address at the International Engagement on Cyber 2013 at Gaston Hall at Georgetown University.

The animated Russian CEO and IT security expert did not mention the new coalition in his presentation last week (you can read the press release here), but he did deliver an entertaining - and somewhat discomforting - talk on computer viruses and the havoc that has been wrought, and will be wrought by malicious software … the origin of which may or may not be betrayed by the language in which the source code is written.

For example – that August 2003 blackout in New York City that left residents and tourists sweating in the dark without access to cash from ATM machines or lighting in the stairwells of buildings that no longer had working elevators?

Based on his research, Kaspersky believes that malware infected computers linked to the power grid. This caused Internal applications to crash, and that’s when the trouble began.  He also described a cyber attack on the country of Estonia, a small but very connected country.  Kaspersky described how the attack shut down the Internet for the entire country and why he believes Russian criminals are to blame. 

So what do cyber attacks, malware and viruses have to do with domains - especially new, generic top-level domains? 

The best example of the connection may be phishing attacks.  Cybercriminals create fake websites that contain the name of a legitimate, trusted company or organization – often a financial institution - and use the site to trick users into visiting the site and even providing personal information. This happens constantly. Take, for example, this recent phishing attempt that, as Softpedia reports, leverages the popular social media platform, Facebook:

“Researchers from security firm Trend Micro have come across a piece of malware, TSPY_MINOCDO.A, that’s designed to modify local HOST files and monitor browser activity in an effort to redirect victims to a bogus Facebook security check page.

The malware, which is executed every time the computer starts, waits for the user to visit facebook.com or www.facebook.com. When one of the addresses is detected, victims are redirected to a page which informs them that “Security checks help keep Facebook trustworthy and free of spam.”

With the launch of new top-level domains, cyberspace will expand – increasing the opportunity for innovative business models AND bad actors to create deceptive website names and launch malware and phishing attacks in open, generic gTLDs. 

With much of the nation’s, and therefore the Senate’s, focus on gun control and immigration reform, schedules are tight and visiting hours, short. But, given the economic, national security, and consumer protection implications of cybersquatting and intellectual property infringement, shrewd politicians are keenly aware of and supportive of strengthening the ACPA.  

Specifically, our contacts were interested to learn more about the impending roll out of new gTLDs from CADNA President Josh Bourne. Cybersquatting is a serious issue in the current domain name space, and with the launch of new gTLDs, the opportunity for cybersquatting will only increase. Bourne described the first launches as “the chickens coming home to roost.”  The cost of defensive registrations in total, he continued, will be – conservatively – $2 billion. That’s money companies won’t spend on jobs, expansion, or investment. Some companies will simply decide to throw up their hands and decline to defensively register, leaving themselves and consumers exposed to the cyber crooks. 

Bourne’s proposed solution: updating and strengthening the ACPA by: 

1.  Increasing penalties against cybersquatting. 

Under current law, cybersquatters face statutory damages of between $1,000 and $100,000 per domain name. The courts have, however, generally awarded limited damages closer to $1,000 per domain name. For cybersquatters that monetize hundreds of thousands, or even millions, of Internet domain names through automated programs, this is not a lot of skin in the game. Cybersquatters know that, for brand owners, the cost of filing and pursuing legal action far exceed the potential damages the mark owner is likely to be awarded, and are therefore unlikely to use the ACPA as a weapon. Amping up the risks associated with cybersquatting by increasing the damages (and implementing a "loser pays" system for the associated legal fees) would make more bad actors opt out of the business.

2. Expanding the parties that are held responsible for cybersquatting.

Certain parties profit from revenue-sharing arrangements with cybersquatting entities through Internet parking pages, pay-per-click advertising, and other monetization schemes.  ACPA should be expanded liability to cover those in active concert or participation with the registrant. This isn't about pursuing third parties that act in good faith and support a safe and flourishing Internet – this is about discouraging third parties who purposefully shield bad actors and turn a profit because of it.

With spring quickly turning into summer and the first new gTLDs poised to launch before summer becomes fall, we are eager and committed to helping lawmakers take action to protect their constituents and support a trustworthy and innovative Internet. 

On December 13, Australia, the United Kingdom, Japan, the United States and 76 other countries joined the US in declining to sign the revised International Telecommunications Regulations treaty, which included language that would have allowed greater control by the International Telecommunication Union (ITU) over the Internet space.

As Forbes reported, “The Internet, and the forces that support the free and open movement of information, rolled over traditional UN alliances at the WCIT. An effort to shift governance of the Internet from private bodies like ICANN and IETF was thwarted.” 

The remaining 113 countries did sign the International Telecommunications Regulations Treaty on December 14th but, because U.N. agencies like the ITU are driven by consensus and the ability of representatives to get corresponding laws passed in their respective countries, the signed treaty lacks much power.  According to reporters for Commmunications Day, an online publication for telecom executives, head of the UK delegation Simon Towle explained “On the Internet itself, our position is clear. We do not see the ITRs as the place to address Internet issues. The proper place is multistakeholder fora, the IGF, the ICANN GAC.”

Hamadoun I. Toure, the secretary general of the ITU, explained his perspective on the significance of the annex in his statement released on December 13: “Annexed to the treaty is a non-binding Resolution which aims at fostering the development and growth of the internet – a task that ITU has contributed significantly to since the beginning of the Internet era, and a task that is central to the ITU’s mandate to connect the world, a world that today still has two thirds of its population without Internet access.”

Toure’s perspective is very different from that of Bill Smith, Internet Evangelist at PayPal who participated in the WCIT as a member of the United States Delegation. As he described in a blog recounting the experience in CircleID on December 17, “Considerable effort was expended in removing or mitigating the more egregious proposals. In the process we, and others, communicated the benefits of a free and open Internet, liberalized markets, and competition. Unfortunately, not all of the contributions were dealt with in a manner that enabled the United States and others to accede to the treaty.”

In a recent letter to Dr. Stephen Crocker, the Chairman of ICANN’s Board of Directors, Lawrence Strickling recognized the progress that ICANN has made with regard to law enforcement and contract compliance in the New gTLD Program.

We are now in the second week of ICANN’s new gTLD application period. According to a news release issued by ICANN, the first week saw 25 applicants successfully register in its TLD Application System, or TAS. As ICANN promised, the New gTLD Program is up and running exactly on schedule.

January 12, however, did not mark any sort of ending for those groups who, like CADNA, are continuing to push for constructive and achievable changes to the New gTLD Program. The fact that ICANN published yet another updated version of the New gTLD Applicant Guidebook late in the evening on January 11 shows just how willing it is to continue to make tweaks and adjustments to its policies, even this late in the game.

CADNA is continuing to explore new avenues through which to incorporate its proposed changes into the new gTLD policy, working with stakeholders within the U.S. government and with various ICANN policy-making groups. We are also redoubling our efforts to improve the 1999 U.S. Anti-Cybersquatting Consumer Protection Act (ACPA), with the purpose of decreasing instances of cybersquatting, both in new gTLDs as well as in existing ones. Our work isn’t done, and we look forward to welcoming any new groups who would like to join us in our efforts.

On Thursday, December 8, the U.S. Senate Committee on Commerce, Science and Transportation will host a full committee hearing on "ICANN's Expansion of Top-Level Domains."

According to the Committee's website, the hearing will "examine the merits and implications of this new program and ICANN’s continuing efforts to address concerns raised by the Internet community." In fulfilling its role as an advocate for brand owners in both U.S. and international legislation, CADNA has been working with Commerce Committee leaders to prepare for the hearing. CADNA has provided the Committee with background information on the New gTLD Program, and has discussed various issues that may be raised during the hearing.

We understand that the Commerce Committee has selected witnesses from across a broad spectrum of interests to provide testimony at the hearing, including representatives from ICANN, the non-profit sector and the private sector. Members of the FairWinds team will be attending the hearing, and we will post a recap here on the blog later this week.

For those that will be in or around our nation's capitol on Thursday, the hearing will take place at 10:00 am at the Russell Senate Office Building room 253. Others can stream the hearing via a live webcast from the Commerce Committee's website.

On the heels of the "What's at Stake: The Reality of ICANN's New gTLD Program for Brands" conference, CADNA has submitted a proposal to ICANN asking the organization to make the New gTLD Program less detrimental to brands. Specifically, the proposal consisted of the following request:

"We ask that the ICANN Board request an Issues Report to formally initiate a policy development process to determine when the next round of new gTLD applications will occur, thereby affirming its commitment to opening a second round in a timely manner."

We believe that disclosing when it will open a second round will increase the level of transparency around the controversial new gTLD policy, but more importantly, will go a long way in relieving the anxiety many brands feel around the New gTLD Program. Right now, many brands feel forced into applying in order to remain competitive, especially considering that it is widely known that other applicants have little to gain from openly sharing their plans to apply or not. This has created a sense of chaos around the first application round.

We're looking forward to hearing ICANN's response to the proposal, and hopefully working with ICANN in the future to improve the New gTLD Program.

DotAsia, the Registry Operator for the .ASIA generic top-level domain (gTLD) recently submitted a proposal to ICANN to allow the sale of one- and two-character second-level .ASIA domains. The proposal seeks to amend the registry's original contract with ICANN, approved in 2006, which explicitly restricted the sale of all single and two-character domains. If approved, the new proposal will mean yet another, albeit familiar, headache for businesses: a sunrise period during which trademark owners will have the opportunity to register their marks before the general public. Given that .ASIA has failed to take off with Internet users, for those brand owners primarily known by one and two character monikers like GE and GM, registration with .ASIA will most likely amount to a defensive maneuver.

According to ICANN’s data, domain registrations in .ASIA have steadily declined from a high of 250,000 registrations in the spring of 2009, to under 200,000 in June 2011. Compare that to .COM, which is pushing 100 million registrations. DotAsia's proposal to expand its domain space into single and two-character domains isn’t likely to generate a significant number of new registrations or vastly increase .ASIA’s market opportunities. However, the sunrise period for trademark holders will guarantee DotAsia a small, but fresh revenue stream as companies move to protect their names.

.ASIA’s struggles are a sign that not all gTLDs are created equal. The newer gTLDs (released after 2000) like .ASIA, .JOBS. and .TRAVEL, have historically faced an uphill battle to gain footing among Internet users because they lack daily relevance and are too broad to convey an immediate understanding of what they offer. Combined, those three gTLDs total just 261,847 registrations—that represents just 0.27% of .COM domain registrations. The success of gTLDs is a particularly relevant concern as the application period for ICANN’s New gTLD Program draws closer. Organizations applying for a category-term gTLD need to consider the appeal of their potential new string and also have a clear vision for how they plan to use it.

While narrower in scope, branded new gTLDs, such as .CANON (Canon, Inc. has publically expressed interest in acquiring a new gTLD), bring with them the force of their brands as well as immediate consumer understanding. Because branded gTLDs will likely be closed to outside registrations, their success will not depend on the number of domain registrations sold. Rather, evaluations of branded gTLDs will focus on how they are leveraged to add value to Internet user experience. Category-term gTLDs, meanwhile, will need a solid outreach campaign in order to attract and retain domain registrations—or else risk joining .ASIA in the ranks of languishing, irrelevant gTLDs.

We have often discussed the relationship between the U.S. Department of Commerce and ICANN. To review, the National Telecommunications and Information Administration (NTIA), an agency within the DoC, entered into an agreement with ICANN, wherein ICANN administers the IANA functions under a contract with the NTIA. IANA stands for the Internet Assigned Numbers Authority, and the “IANA functions” refers to the management of the Internet Protocol (IP) address space, the maintenance of registries of IP identifiers, and the management of the top-level domain name space (or the DNS “root zone”).

In the context of new gTLDs, the most salient aspect of that agreement is that the NTIA contracts ICANN to manage the top-level domain space – until now, that has meant gTLDs like .COM, .ORG and .NET as well as ccTLDs like .JP and .MX. But it was also within ICANN’s purview to expand the space, which it first did back in 2000 when it started adding new gTLDs like .INFO and .MOBI.

But like any contract, ICANN’s contract with the NTIA has an expiration date. It has been extended in the past, but is now set to expire on March 31, 2012. According to DomainIncite, the NTIA has now announced that it will accept proposals from potential new IANA contractors between early November and early December of this year.

March 31 falls within the new gTLD application period (January 12 – April 12, 2012). By then, multiple applications (potentially hundreds) will have already been filed, but the new gTLDs will not have made it into the root.

So what happens in the event that ICANN loses the IANA contract to a new contractor? More importantly, what happens if that new contractor repeals the New gTLD Program in favor of a slower new gTLD rollout or, even, no new rollout at all?

This scenario is not very likely – but it’s not impossible, either. If ICANN were to lose the IANA contract before it has the chance to add new gTLDs into the root, then there is a chance those new gTLDs will not make it into the root. Hopefully in that case, applicants will be refunded the application fee. There is also a possibility that the new contractor will honor those applications and continue on with the New gTLD Program.

One week from today, CADNA will be hosting an event about new gTLDs. The What’s at Stake: The Reality of ICANN’s New gTLD Program for Brands conference is designed to educate representatives from major brands about how ICANN’s New gTLD Program will impact their business, and also to spur specific changes to the new gTLD policy in order to make it less detrimental for brands.

Esther Dyson, Founding Chairman of ICANN, will deliver the keynote speech, and she will be followed by a series of panels that will address various aspects of the New gTLD Program. In addition to providing information, the speakers, who include domain strategy experts, marketers, advertisers and lawyers for major brands, will also discuss certain aspects of the Program that need to be improved, and how to work with ICANN to make those improvements. While it is clear that ICANN will most likely not repeal its New gTLD Program, the New gTLD Applicant Guidebook includes a provision that aspects of the Program can still be changed.

CADNA has been working with Judy Shapiro of engageSimply to plan this event. Judy featured the conference in an article she recently wrote for Advertising Age.

More details about the event can be found at WhatsAtStake.com. You can also request an invitation by emailing samantha@cadna.org.