ICANN maintains security stance on website suffix expansion plan
On Tuesday, amid objections from lawmakers and federal officials, the head of the global nonprofit organization that governs website names defended security protections in place for Thursday's planned kickoff of a program to sell infinite address suffixes, such as dot-jobs.
Rod Beckstrom, president and chief executive officer of the Internet Corporation for Assigned Names and Numbers, on Tuesday said governments, the private sector and Internet users have vetted consumer safety and intellectual property considerations for six years. Letters ICANN has received during the past few weeks from lawmakers and the Federal Trade Commission calling for a postponement have not raised any new issues, he said.
"There were no reasons given for the delay," said Beckstrom, a former director of the Homeland Security Department's National Cybersecurity Center. "There was no new information that's come in in the last few months.
Critics of ICANN's plan argue, among other things, that expanding the alphabet of domain endings will allow scammers to defraud computer users. The fear is that swindlers may create legitimate-sounding sites, such as Amazon.bookks, for example, that install viruses or sell fake goods.
Preparations for growing the Internet address list started in 2005 and, this week, ICANN will accept proposed suffixes from anyone willing to pay the $185,000 application fee. Initially, the organization will pick as many as 1,000 names for a staggered launch in 2013.
"The greatest reason it's taken this long is primarily IP issues, and then government concerns," Beckstrom said, adding the new program includes protective measures absent from the existing system.
The aim of expanding the domain name system is to offer Internet users more choices and to increase competition, backers say. Right now, none the Web's 22 domain endings is written in Chinese or Hindi characters, although half its users are located in Asia, Beckstrom said.
ICANN will conduct criminal background checks on all applicants, with the assistance of Interpol, he said. And those selected must institute "DNSSEC" for the suffix part of names to prevent man-in-the-middle attacks where hackers redirect users to phony sites.
But Beckstrom acknowledged that not all sites inside a domain use these digital signatures that verify the authenticity of Web addresses. "Adoption is slow at the second level," he said. Only 23 percent of federal sites have employed DNSSEC, General Services Administration officials said last summer.
Beckstrom was speaking at the Center for Strategic and International Studies.
Washington critics contend ICANN does not have an accurate listing for the identities and contact information of site operators in its "WHOIS" central directory. And they say the organization is too short-staffed to track down violators.
"WHOIS is a really tough problem . . . and more work has to be done there," Beckstrom agreed. "And a lot of work is being done right now." ICANN is in the process of changing contracts with registrars to provide a more complete and truthful directory, he said.
After the window for applications closes on April 12, all proposals will be posted online for public comment, according to ICANN officials. Governments and citizens can file formal objections to requested names on a limited number of grounds, including the violation of IP rights and "norms of morality," such as names that promote violent lawlessness. They must pay a negotiable fee per objection.