US gov split over new domain explosion

NTIA is on ICANN's side for once ...


ICANN is receiving mixed messages from the US government over its plans to dramatically expand the number of top-level domains available on the internet.

The Federal Trade Commission on Friday became the highest-profile objector to the so-called new gTLDs program, saying it threatens to increase fraud and phishing.

"A rapid, exponential expansion of gTLDs has the potential to magnify both the abuse of the domain name system and the corresponding challenges we encounter in tracking down internet fraudsters," FTC's four commissioners said in a letter to ICANN's leadership.

"Fraudsters will be able to register misspellings of businesses, including financial institutions, in each of the new gTLDs, create copycat websites, and obtain sensitive consumer data with relative ease before shutting down the site and launching a new one," they wrote.

The FTC wants the program, which currently has no limits on the number of top-level addresses that may be launched, dramatically scaled back to controlled pilot.

The objection came just a couple of days after several congressmen called on ICANN to delay the programme, which is on track to open up for applications on 12 January.

“I don’t think it’s ready for prime time,” Representative Anna Eshoo said during a hearing of the House Energy & Commerce Committee on Wednesday. “I suggest that it is delayed until consensus is developed among relevant stakeholders.”

Her thoughts were echoed by other committee members, and were warmly welcomed by the Association of National Advertisers, the US trade group that has been spearheading a lobbying campaign to have the ICANN programme halted.

However, ICANN has been solidly backed by the National Telecommunications and Information Administration, part of the Department of Commerce, which is ICANN's overseer and usually its main antagonist within the US administration.

In a speech a week before the FTC's letter, NTIA assistant secretary Lawrence Strickling said that those groups opposing the programme are actually "providing ammunition" to totalitarian regimes that want to orchestrate a governmental takeover of internet regulation.

Some countries want ICANN's multi-stakeholder structure – in which individuals, companies and non-profits have a strong voice – replaced by fully government-led policy-making, most likely under the auspices of the International Telecommunications Union.

"The multi-stakeholder process does not guarantee that everyone will be satisfied with the outcome," Strickling said in a speech. "When parties ask us to overturn the outcomes of these processes, no matter how well-intentioned the request, they are providing ammunition to other countries who attempt to justify their unilateral actions to deny their citizens the free flow of information on the internet."

The NTIA, which spent much of 2011 pushing for changes to the programme to better protect government and intellectual property interests, will not block the new gTLD program, Strickling said.

The new gTLD programme will enable any well-funding organisation to apply for the gTLD of their choice between 12 January and 12 April next year.

ICANN is likely to see applications for regional and city names such as .wales and .london, generic terms such as .web and .music, and brand names such as .canon and .hitachi. There could be over 1,000 applications, most brand-related, according to estimates.

Processing the bids, which incur fees starting at $185,000, is expected to take between nine months and a couple of years, depending on whether there are objections from rights-holders or security implications that need to be investigated.

The first new gTLDs could start going live as early as the first quarter of 2013.

While nobody serious believes that cybersquatters will be awarded trademark-infringing gTLDs, agencies such as the FTC and trade groups such as the ANA are concerned that wrong-doers will be able to buy second-level domains that are confusingly similar to existing brands.

While the ANA thinks the cost of defensively registering trademarks in new gTLDs will be excessive, the FTC is concerned that brand-squatting will make phishing easier.

However, ICANN senior vice president Kurt Pritz told last week's House of Representatives hearing into the programme that new gTLDs will actually help reduce cybersquatting.

The programme requires new gTLD registries to apply much stronger trademark protection mechanisms than are currently available in .com, .net and other suffixes, he said.

A new Uniform Rapid Suspension procedure is expected to enable infringing domains to be taken down more quickly and at lower cost than existing systems. A Trademark Clearinghouse will also be deployed to send warnings to people who try to register domains matching brands.

In addition, Pritz told the House committee, cybersquatters and phishers tend to stick to .com when they register brand-infringing domains, he said.

The latest report from the Anti-Phishing Working Group, which analyses the phishing problem, seems to back up this claim. Data from the first half of 2011 shows that only about 18 per cent of phishing attacks use domains registered by the attacker, and that about 49 per cent are dot-coms.

Further, only 2 per cent of phishing attacks attempt to exploit brand confusion in the second-level domain name, the working group found.

"The domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do, " the APWG concluded. "Instead, phishers almost always place brand names in subdomains or subdirectories."

ICANN has so far showed no indication that it plans to delay or amend the programme before it launches.

“This process has not been rushed, it’s been seven years in the making,” Pritz told the House committee hearing. “All the issues have been discussed and no new issues have been raised.” ®


Other stories you might like

  • LGBTQ+ folks warned of dating app extortion scams
    Uncle Sam tells of crooks exploiting Pride Month

    The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.

    According to the American watchdog, a common scam involves a fraudster posing as a potential romantic partner on one of the apps. The cybercriminal sends explicit of a stranger photos while posing as them, and asks for similar ones in return from the mark. If the victim sends photos, the extortionist demands a payment – usually in the form of gift cards – or threatens to share the photos on the chat to the victim's family members, friends, or employer.

    Such sextortion scams have been going on for years in one form or another, even attempting to hit Reg hacks, and has led to suicides.

    Continue reading
  • 5G C-band rollout at US airports slowed over radio altimeter safety fears
    Well, they did say from July, now they really mean from July 2023

    America's aviation watchdog has said the rollout of 5G C-band coverage near US airports won't fully start until next year, delaying some travelers' access to better cellular broadband at crowded terminals.

    Acting FAA Administrator Billy Nolen said in a statement this month that its discussions with wireless carriers "have identified a path that will continue to enable aviation and 5G C-band wireless to safely co-exist."

    5G C-band operates between 3.7-3.98GHz, near the 4.2-4.4GHz band used by radio altimeters that are jolly useful for landing planes in limited visibility. There is or was a fear that these cellular signals, such as from cell towers close to airports, could bleed into the frequencies used by aircraft and cause radio altimeters to display an incorrect reading. C-band technology, which promises faster mobile broadband, was supposed to roll out nationwide on Verizon, AT&T and T-Mobile US's networks, but some deployments have been paused near airports due to these concerns. 

    Continue reading
  • IBM settles age discrimination case that sought top execs' emails
    Just days after being ordered to provide messages, Big Blue opts out of public trial

    Less than a week after IBM was ordered in an age discrimination lawsuit to produce internal emails in which its former CEO and former SVP of human resources discuss reducing the number of older workers, the IT giant chose to settle the case for an undisclosed sum rather than proceed to trial next month.

    The order, issued on June 9, in Schenfeld v. IBM, describes Exhibit 10, which "contains emails that discuss the effort taken by IBM to increase the number of 'millennial' employees."

    Plaintiff Eugene Schenfeld, who worked as an IBM research scientist when current CEO Arvind Krishna ran IBM's research group, sued IBM for age discrimination in November, 2018. His claim is one of many that followed a March 2018 report by ProPublica and Mother Jones about a concerted effort to de-age IBM and a 2020 finding by the US Equal Employment Opportunity Commission (EEOC) that IBM executives had directed managers to get rid of older workers to make room for younger ones.

    Continue reading
  • Misguided call for a 7-Zip boycott brings attention to FOSS archiving tools
    It's good to highlight some alternatives, but security issues are overblown

    Analysis A blog post calling for a boycott of the well-known 7-Zip compression app is attracting some discussion on Reddit.

    However, it seems criticism for Igor Pavlov and his FOSS compression app 7-Zip is somewhat overblown and may reflect the anti-Russian sentiment of the times.

    7-Zip has been around since 1999 and in that two-decade span there have been more widely used Windows compression tools (WinZip and WinRAR, in particular) they are shareware, so try-before-you-buy versus free.

    Continue reading
  • Toyota, Subaru recall EVs because tires might literally fall off
    Toyota says 'all of the hub bolts' can loosen even 'after low-mileage use'

    Toyota and Subaru are recalling several thousand electric vehicles that might spontaneously shed tires due to self-loosening hub bolts. 

    Toyota issued the recall last week for 2023 bZ4X all-electric SUVs, 2,700 of which are affected, the automaker said. Subaru is recalling all-electric Solterras, which were developed jointly with Toyota and have the same issue, Reuters reported.

    Japan's auto safety regulating body said "sharp turns and sudden braking could cause a hub bolt to loosen," Reuters said, though it's unknown if any actual accidents have been caused by the defect. In its recall notice, Toyota said "all of the hub bolts" can loosen "after low-mileage use," but said it was still investigating the cause of, and driving conditions that can lead to, the issue. 

    Continue reading
  • Alcatel-Lucent Enterprise adds Wi-Fi 6E to 'premium' access points
    Company claims standard will improve performance in dense environments

    Alcatel-Lucent Enterprise is the latest networking outfit to add Wi-Fi 6E capability to its hardware, opening up access to the less congested 6GHz spectrum for business users.

    The France-based company just revealed the OmniAccess Stellar 14xx series of wireless access points, which are set for availability from this September. Alcatel-Lucent Enterprise said its first Wi-Fi 6E device will be a high-end "premium" Access Point and will be followed by a mid-range product by the end of the year.

    Wi-Fi 6E is compatible with the Wi-Fi 6 standard, but adds the ability to use channels in the 6GHz portion of the spectrum, a feature that will be built into the upcoming Wi-Fi 7 standard from the start. This enables users to reduce network contention, or so the argument goes, as the 6GHz portion of the spectrum is less congested with other traffic than the existing 2.4GHz and 5GHz frequencies used for Wi-Fi access.

    Continue reading
  • Will Lenovo ever think beyond hardware?
    Then again, why develop your own software à la HPE GreenLake when you can use someone else's?

    Analysis Lenovo fancies its TruScale anything-as-a-service (XaaS) platform as a more flexible competitor to HPE GreenLake or Dell Apex. Unlike its rivals, Lenovo doesn't believe it needs to mimic all aspects of the cloud to be successful.

    While subscription services are nothing new for Lenovo, the company only recently consolidated its offerings into a unified XaaS service called TruScale.

    On the surface TruScale ticks most of the XaaS boxes — cloud-like consumption model, subscription pricing — and it works just like you'd expect. Sign up for a certain amount of compute capacity and a short time later a rack full of pre-plumbed compute, storage, and network boxes are delivered to your place of choosing, whether that's a private datacenter, colo, or edge location.

    Continue reading
  • Intel is running rings around AMD and Arm at the edge
    What will it take to loosen the x86 giant's edge stranglehold?

    Analysis Supermicro launched a wave of edge appliances using Intel's newly refreshed Xeon-D processors last week. The launch itself was nothing to write home about, but a thought occurred: with all the hype surrounding the outer reaches of computing that we call the edge, you'd think there would be more competition from chipmakers in this arena.

    So where are all the AMD and Arm-based edge appliances?

    A glance through the catalogs of the major OEMs – Dell, HPE, Lenovo, Inspur, Supermicro – returned plenty of results for AMD servers, but few, if any, validated for edge deployments. In fact, Supermicro was the only one of the five vendors that even offered an AMD-based edge appliance – which used an ageing Epyc processor. Hardly a great showing from AMD. Meanwhile, just one appliance from Inspur used an Arm-based chip from Nvidia.

    Continue reading

Biting the hand that feeds IT © 1998–2022