FTC tells global Internet body to cut back domain name plan

Wary of fraud, U.S. regulators are asking the Internet Corporation for Assigned Names and Numbers not to move forward with plans to accept bids in January for new domain name endings, such as dot-bank. The Federal Trade Commission on Friday sent ICANN, the international body that oversees Web address names, a letter urging the organization to first roll out safeguards aimed at preventing bad actors from buying those address extensions to swindle visitors.

Currently, there are 22 generic top-level domains, or gTLDs, including dot-gov and dot-us. The thinking behind allowing new domain names, according to ICANN, is that they will offer better trademark protection, stimulate innovation and boost competition. But the FTC argues ICANN has failed to police the current set of domains, so adding more domains will make it even easier for scammers to game the naming system.

Already, tricksters engage in phishing schemes that spoof legitimate sites, such as Citibank.com, to trick unwitting depositors into entering account information on bogus sites by using similar names -- perhaps Citybanks.com or Citigroup.biz.

"The proliferation of existing scams, such as phishing, is likely to become a serious challenge given the infinite opportunities that scam artists will now have at their fingertips," wrote FTC Chairman Jon Leibowitz and the agency's three other commissioners.

They are asking ICANN to change the January kickoff into a test program with a much smaller number of applicants.

"We strongly believe that ICANN should address these issues before it approves any new gTLD applications. If ICANN fails to address these issues responsibly, the introduction of new gTLDs could pose a significant threat to consumers and undermine consumer confidence in the Internet," the FTC officials wrote.

In response to the commissioners' letter, ICANN President and Chief Executive Officer Rod Beckstrom said in a statement that ICANN officials met with Leibowitz last week and expressed a commitment to working with the FTC on consumer protection issues.

"The new program offers significant protections beyond those that exist in current TLDs, including new mandatory intellectual property rights protection mechanisms and heightened measures to mitigate against malicious conduct," Beckstrom said.

Applicants are expected to propose more than 1,500 new domain extensions during a three-month window that begins Jan. 12. After evaluating each submission, ICANN will select at most 1,000 names to launch starting in 2013. FTC officials wrote that even doubling the existing number of domains to 44 in one year would be an "aggressive" increase.

Criminals attempting to evade authorities will sometimes provide incomplete or inaccurate identities and contact information to ICANN officials who then list that information in a "WHOIS" central directory. Fake WHOIS data stymied an FTC investigation into spammers who were promoting pornography sites because enforcement officials had to consult many other sources, the commissioners said.

"We have encountered WHOIS information with facially false address and contact information, including websites registered to 'God, 'Bill Clinton' and 'Mickey Mouse,'" they added. "In Internet investigations, identifying domain name registrants immediately is especially important, as fraudsters often change sites frequently to evade detection." Cybercrime cost Americans $139.6 billion in 2011, according to Internet security company Symantec.

FTC officials want ICANN to vet the consumer risks of each proposed name during the approval process, or at least scrutinize the hazards associated with regulated industries and names prone to abuse, such as dot-kids. In addition, the commissioners are requesting that ICANN bolster its presently understaffed compliance division to handle the expected increased workload.

ICANN officials over the weekend said the new initiative is the result of six years of debate among governments, intellectual property experts, businesses, nonprofit organizations, computer security specialists and Internet users.

"The new gTLD Program will be implemented in a measured, limited manner," Beckstrom said. "ICANN along with the rest of the multistakeholder community will monitor the implementation and take corrective actions as necessary in the face of unanticipated harms. We welcome the input from the FTC and all parties interested in the security and stability of the Internet."

At a House hearing last week, Kurt Pritz, ICANN senior vice president for stakeholder relations, testified the new process will be safer for Internet users than current approval procedures. It will, among other measures, involve criminal history checks and require registry operators to maintain "thick" WHOIS records, he said.