When a proposal to release new generic Top-Level Domains (gTLDs) was voted through in June 2011, its backers at governance body the Internet Corporation for Assigned Names and Numbers (ICANN) thought the scheme would help companies to expand their online presence. But what about the opportunities it would present for registrants to purchase suffixes in order to pose as companies?
That was the concern of leading regulator the European Banking Authority (EBA), which recently wrote to ICANN to warn that fraudsters could use new gTLDs to pass themselves off as regulated financial services entities. In its February letter, the EBA called on ICANN to withdraw from availability the suffixes .bank and .fin (short for ‘finance’) as a means of limiting the extent to which such fraudsters could find online comfort zones in which to work.
‘The EBA has had the opportunity to examine the issue of the envisaged new TLDs ending in .bank and .fin in detail,’ wrote the group’s chair, Andrea Enria. ‘It has come to the conclusion that there are many supervisory concerns surrounding the operation of the proposed TLDs by ICANN, relating mostly to the great potential – in our view – for misuse by unscrupulous individuals. Therefore, any plans for their operation should be discontinued.’
Enria argued that ‘potential mitigating measures’ envisaged by ICANN, such as the creation of a separate entity for controlling those TLDs, did not fully address the concerns of the financial community. He added: ‘The EBA Board of Supervisors is also concerned that “true” banks and other regulated entities will need to put in place costly and complex legal or commercial initiatives in order to safeguard their trademarks from frauds and abuses. New .bank or .fin websites could also be used to conduct new types of fraud, giving way to more dangerous kinds of phishing and scams.’
Unfortunately, Internet scams are all too common. As CPA Global’s Head of Trademarks and Domains, Catherine LaRooy, pointed out: ‘While appointing special suffixes to create “safe” spaces on the Internet is not new – for instance, the .travel domain – there have always been, and will continue to be, inherent risks in using the Internet for commerce. It is therefore essential that financial institutions, along with other organisations, have a clear brand protection strategy in place – which should include comprehensive monitoring of published watch lists.’
Strings of dispute
The EBA’s objections to the ICANN initiative were also highlighted in a separate Opinion document, in which the group outlined a range of other concerns that it had about the TLDs, including:
• The full benefits of ICANN’s new gTLD scheme will not be fully known until it launches, and it would be undesirable for as-yet-unidentified benefits to be felt straight away by fraudulent early adopters.
• The TLDs pose several technical challenges to systems designed to ensure the security of retail payments to financial entities.
• As the TLDs could be used literally anywhere in the world, they could lead to the sudden emergence of hard-to-track fraudsters operating in numerous territories – an instant, large-scale enforcement problem.
• Consumers of financial services may interpret the new TLDs as regulatory endorsements.
In March, ICANN chief operations officer (COO) Akram Atallah replied to Enria to say that the gTLD programme ‘does provide multiple avenues for objection’ to parties with standing, and already covers areas such as potentially confusing domains; legal rights and public-interest concerns. In addition, the group’s Governmental Advisory Committee (GAC) allows governments to provide notices directly to applicants pointing out that applied-for domains may be sensitive or controversial.
Atallah added: ‘We strongly encourage the EBA to actively monitor [our] website [to see who is applying for financial domains] and consider what actions to take, as appropriate. Further, ICANN encourages the EBA to work closely with any known potential applicants for .bank or .fin to address any issues/concerns with regards to the use of these particular strings.’
In other words, from ICANN’s perspective, the dispute-resolution methods it has set aside for the scheme are adequate – and any further work is best taken up by the EBA itself.
Just weeks after Atallah’s reply to Enria, confidence in ICANN’s internal processes dropped following the suspension of the new-gTLDs application system in the wake of a technical ‘glitch’. An ICANN resolution published on 6 May recognised that, ‘during the pendency of the glitch, applicants may have re-evaluated decisions to participate in the new gTLD Program’ and, as a result, may wish to withdraw their applications. The resolution confirmed that any applicants who decided to withdraw would receive full refunds – and also stated that no details of who has applied for which suffixes will be published until the application system reopens on 13 June 2012, for a period of at least five days.
For those in the domain-name community who are concerned about any similar ‘glitch’ arising from ICANN’s dispute-resolution mechanism for new gTLDs, it would perhaps be reassuring to know that the lion’s share of this procedure is being handled exclusively by the Arbitration and Mediation Centre at the World Intellectual Property Organisation (WIPO).
In March, WIPO announced that, during 2011, a record 2,764 cybersquatting cases covering 4,781 domains were processed at the centre under the organisation’s Uniform Domain Name Dispute Resolution Policy (UDRP). This marked an increase of 9.4% over 2009 and 2.5% over 2010. According to WIPO director general Francis Gurry, ‘These trends illustrate that even in today’s domain name system, brand owners already have to make difficult choices for their stretched online enforcement resources.’ With the coming new gTLDs, he said, ‘brand owners’ resources will likely be stretched further.’
For its part, WIPO has published extensive material about its role in the new gTLD Dispute Resolution Mechanism, together with a detailed guide on legal rights objections for the new era. WIPO has also pledged to continue working with ICANN to sustain the UDRP’s status as ‘an effective alternative’ for brand owners wishing to avoid full-blown litigation – and has braced itself for the start of disputes around new gTLDs during the second half of 2012. ‘If properly designed,’ added Gurry, ‘alternative dispute resolution will be an increasingly important tool for enhancing business and user confidence in internet platforms.’
So, it seems that WIPO is prepared. But is ICANN? And, with the pending publication of new domains and their applicants still heavy with the element of surprise, have financial regulators built up a picture of what to expect… or could there be a few more ‘glitches’ around the corner?