FTC Warns ICANN That Expansion of Internet Domains Could Significantly Harm Consumers
On December 16 2011, the Federal Trade Commission (“FTC”) sent a letter to the Internet Corporation for Assigned Names and Numbers (“ICANN”), the organization that oversees Internet domain names, expressing concern about ICANN’s plans to dramatically expand the Internet domain name system (“DNS”) from the existing twenty-two generic top-level domains (“gTLDs”). The FTC fears that expansion of top-levels domains could leave consumers more vulnerable to online fraud, and make it more difficult for law enforcement to detect and prosecute online criminals.
Starting on January 12, 2012, ICANN intends to accept applications for an estimated 500 new gTLDs, and possibly as many as 1,500. The FTC expressed concern over the potential effects of the expansion. “If the number of approved new gTLDs reaches even the minimum estimate, the Internet landscape will change dramatically,” the FTC observed. FTC Letter at 7.
According to the FTC, as a result of the expansion, the number of registered websites, registry operators and other actors with an operational role in the Internet ecosystem would expand. The expansion would increase the “possibility that malefactors, or others who lack the interest or capacity to comply with contractual obligations, will operate registries,” the FTC wrote. Id. at 5.
The FTC argued that phishing is likely to increase, because scammers would be able to register misspellings of business names in a multitude of new gTLDs, such as .bank and .finance, and create many more counterfeit websites to capture consumers’ financial data. There would be a significant potential for consumer confusion, given the “infinite opportunities that scam artists” would have at their disposal. Id. at 5. The FTC is also concerned that the proposed expansion would make it harder to find online criminals. “[T]he ability to locate and identify bad actors will be frustrated significantly due to a likely increase in the number of registries located in different countries and limited ability to obtain relevant data maintained abroad.” Id. at 7.
Therefore, the FTC wrote, an expansion in the number of domains names would make it easier for scammers to manipulate the system to avoid detection by law enforcement. “A rapid, exponential expansion of gTLDs has the potential to magnify both the abuse of the domain name system and the corresponding challenges we encounter in tracking down Internet fraudsters.” Press Release, Federal Trade Commission, FTC Warns That Rapid Expansion of Internet Domain Name System Could Leave Consumers More Vulnerable to Online Fraud (Dec. 16, 2011).
The FTC also noted that it routinely consults the “Whois” database of domain-name registrants’ contact data when investigating deceptive online practices. The database, however, often contains incomplete or inaccurate data, or proxy entries that shield registrants’ identities, which greatly impede investigation. The FTC and other stakeholders, including the Federal Bureau of Investigation, have stressed this problem to ICANN for over a decade, with no satisfactory improvement, according to the FTC.
Recommended Changes to the gTLD Program
The FTC stated that if ICANN expands gTLDs, “the potential for consumer harm is great, and ICANN has the responsibility both to assess and mitigate these risks.” Letter at 5. The FTC urged ICANN to take the following measures before approving any new gTLD applications:
- Implement the new program as a pilot program and substantially reduce the number of generic top level domains that are introduced as a result of the first application round.
- Strengthen ICANN’s contractual compliance program, in particular by hiring additional compliance staff.
- Develop a new ongoing program to monitor consumer issues that arise during the first round of implementing the new gTLD program.
- Assess each new proposed generic top level domain’s risk of consumer harm as part of the evaluation and approval process.
- Improve the accuracy of Whois data, including by imposing a registrant verification requirement.
Id. “We strongly believe that ICANN should address these issues before it approves any new gTLD applications,” the FTC wrote. FTC Letter at 6.
The FTC observed that many stakeholders urged ICANN to implement consumer protection safeguards, but that “ICANN failed to respond effectively to all of the concerns that were raised, did not implement some of its commitments to improve the new gTLD program, and did not provide adequate solutions to widely documented problems in the existing gTLD marketplace.” Id. at 7.
FTC Recommends Limited Pilot Program
The FTC proposed that the initial round of new applications for new gTLDs be done as a limited pilot program, as has been done in previous rounds, to permit an assessment of the risks of expanding the number of gTLDs and ICANN’s ability to manage them. The FTC believes that ICANN is ill-equipped to handle contract enforcement for the existing 22 gTLDs and several hundred accredited registrars, noting the few compliance staff members and the lack of a rigorous enforcement program. Greatly expanding the number of gTLDs will increase the number of registrars and complaints, requiring both more resources and improved policies to hold registrars accountable. The FTC suggested that ICANN should require registries and registrars “to adhere to stringent policies that promote consumer trust and enhance security. In particular, these contracts should require verification of domain name registrants, impose further obligations on registrars for maintaining accurate Whois data, and hold domain name resellers accountable. ICANN should also ensure that the contracts provide adequate sanctions for noncompliance,” the FTC wrote. FTC Letter at 9.
New Compliance and Monitoring Program
The FTC recommended that ICANN create a new compliance program to monitor consumer issues on an ongoing basis, which “reviews the feasibility of existing mechanisms for addressing consumer issues, applies current contractual enforcement tools to resolve these issues, identifies areas where new policies may be needed, and outlines a plan for working with ICANN’s supporting organizations on policy development processes that address these issues.”FTC Letter at 10. The FTC noted that ICANN plans to periodically review the gTLD program for potential problems relating to consumer trust and choice. “We intend to participate actively in this review process,” the FTC wrote. Id. at 10.
ICANN also should integrate into its evaluation of the new gTLDs a process to review potential harm to consumers. New gTLDs for regulated industries or those particularly susceptible to abuse, such as .kids and .bank, should be scrutinized more carefully.
Accuracy of “Whois” Database
The FTC urged ICANN to improve the accuracy of the Whois database, observing that the incidence of deliberately false data is pervasive and that ICANN’s response has been “woefully inadequate.” FTC Letter at 12. The FTC noted that law enforcement agencies worldwide have advocated that registrars implement verification procedures for domain-name data, and that ICANN should adopt measures to reduce inaccuracy before introducing new gTLDs, to avoid exacerbating the problem. The FTC quoted an Interpol representative’s “blistering critique” of the database:
Accurate WHOIS is a joke. It just doesn’t happen. We don’t see it. We never get it. Even if we do see something within it that might give us indications, it’s—it’s always a dead end and it’s a waste of time even trying. And for me, what’s the point in having a WHOIS database if it can’t be accurate?
Id. n. 28.
“If ICANN fails to address these issues responsibly, the introduction of new gTLDs could pose a significant threat to consumers and undermine consumer confidence in the Internet,” the FTC warned. Press Release (quoting id. at 6). The FTC’s letter was sent to the Chair of the Board of Directors and President and CEO of ICANN. Copies were also sent to more than a dozen U.S. Senators and House members active in technology regulation.
This document and any discussions set forth herein are for informational purposes only, and should not be construed as legal advice, which has to be addressed to particular facts and circumstances involved in any given situation. Review or use of the document and any discussions does not create an attorney-client relationship with the author or publisher. To the extent that this document may contain suggested provisions, they will require modification to suit a particular transaction, jurisdiction or situation. Please consult with an attorney with the appropriate level of experience if you have any questions. Any tax information contained in the document or discussions is not intended to be used, and cannot be used, for purposes of avoiding penalties imposed under the United States Internal Revenue Code. Any opinions expressed are those of the author. Bloomberg Finance L.P. and its affiliated entities do not take responsibility for the content in this document or discussions and do not make any representation or warranty as to their completeness or accuracy.
©2011 Bloomberg Finance L.P. All rights reserved. Bloomberg Law Reports ® is a registered trademark and service mark of Bloomberg Finance L.P.