|
||
|
||
Two weeks ago, the Federal Trade Commission held a summit on e-mail authentication in Washington, DC; the community of people who handle bulk mail came together and agreed on standards and processes that should help reduce the proliferation of spoofed mail and fraudulent offers. This was a big, collective step in the right direction. (See Release 1.0 for a full analysis. See News.com for news coverage.)
But e-mail sender authentication alone won’t solve the Net’s fraud and phishing problems - nor will any single thing. It requires a web of accountability among a broad range of players. Yet this week there’s another meeting, in Cape Town, South Africa, that could make even more of a difference…but it probably won’t. That’s a meeting of ICANN, the Internet Corporation for Assigned Names and Numbers, the international organization that sets and to some extent enforces policy for the Domain Name System (DNS). The e-mail summit was about people’s ability to send e-mail; the ICANN meeting, in essence, is about people’s ability to have a presence in cyberspace.
The ability to have a presence should of course be available to anyone; but the ability to act in cyberspace ? for example, to collect someone’s personal information or their money ? should be accompanied by some accountability.
Please bear with me while I go into a little detail on how things work, what the problem is ? and how it could be addressed.
The DNS was set up back in the 70s (before it had a name) at a time when most people online were trustworthy (or at least behaved that way), and the number of individual consumers using the Net was small. When ICANN was created in 1998 (I was founding chairman, 1998-2000), it set about solving the most pressing problems ? notably, privatization of the DNS and the creation of an open, competitive market for domain names. While ICANN is not a government organization - and should not be - it has the responsibility of regulating the DNS and the organizations that maintain the databases of names (registries) and those that register them into the registries (registrars) according to policies developed and agreed to by its members. Most of them would prefer to be responsible players if the other guys were held to the same standards.
But instead of opening the Net up to serious competition among the registries for top-level domains (TLDs), such as .com, .net or .jp (for Japan), it focused on creating competition among registrars of second-level domain names (SLDs) such as cnet.com. The registrars are in essence retailers working with the wholesalers, who are the registries (such as VeriSign and a few others) that control the TLDs. The problem is, the registrars can’t really differentiate their product: They mostly sell the same TLDs from the same registries. They can try to differentiate themselves on the basis of service to their customers, the domain-name holders, but most of the competition among registrars is on the basis of price and speed of service.
I won’t go into most of the problems that has produced, but there is one that extends outside the domain-name community, and that is that domain names are so easily available that their use in committing fraud is becoming a growing problem. Along with grandmothers, political activists and honest entrepreneurs, fraudsters and criminals can buy an online identity - that is, a domain name such as sleazyfisher.com or sterlingstartup.net - for a few dollars. In fact, they can buy hundreds of such names, use them for whatever purposes they please - such as collecting individuals’ identity information under false pretenses - and abandon them hours later.
The solution, I believe, is to create a system where the registries can compete with TLDs that stand for something and whose SLD-holders are bound by some contract to specific standards of behavior. These contracts would be different for each TLD, rather than the current situation where most of the contracts are specified or ratified by ICANN. For example, there would be .travel for travel operators vetted by a travel-industry consortium (that’s a real proposal before ICANN); .fun, a hypothetical idea for edgy humor; or .safe, my basic proposal here ? and then the registrars can compete to work with those registries whose policies they support (while the registries are free to pick and choose only the registrars that they believe can uphold their standards). That is, ICANN could foster the addition of new TLDs that would face a market test of attracting users, rather than the current bureaucratic tests currently necessary for the establishment of a new TLD.
True, ICANN has allowed the creation of some new TLDs ? notably .biz, .info and .name, but none of them has gained much visibility or differentiation, and the restrictions ICANN imposes has made it tough for new registry entrants. In essence, by trying to make the market open to everyone, ICANN restricts the ability of the TLDs to differentiate themselves by discriminating in favor of specific kinds or qualities of registrants. It’s really hard to legislate goodness ? or to define it, for that matter. It’s more effective, I believe, to allow registries to compete on the basis of goodness, and then let customers pick the kind of goodness they prefer.
In short, ICANN should consider a fundamental overhaul of the system - not next year, but this year. It could start doing so at its meeting in Cape Town this week, where it plans to consider its policies for new registries ? but the movement seems to be towards more bureaucracy rather than less. It’s not in ICANN’s nature to act speedily; the organization works through consensus policies, developed during a tortuous “due process” of discussion, comments, postings and more discussions. But that’s all the more reason for those discussions to begin now.
What exactly am I proposing? I’ll be sending these comments as a memo to ICANN’s At-Large Advisory Committee, of which I am a departing member, and to its board.
Action requires accountability
Originally, a domain name was a form of presence, a way to express oneself, and a medium for freedom of speech and information. But it is also, more and more frequently, a medium for collection of information (and money). How can we foster freedom without allowing fraud free rein? We can make identity freely available, but we can tie some identities to specific, competing, “local” rules of behavior ? and users can choose, depending on the context.
Take the example of the e-mail community, which is developing a system where authentication of mail servers is coupled with reputation systems and recipient choices about what mail to accept. It’s time for the possibility of similar approaches to work for visits to websites.
Imagine a world where there’s a new TLD; let’s call it .safe. .safe advertises itself as a TLD for domain-holders who are willing to identify themselves, contract to engage in certain business practices, and so forth. One TLD could be, for example, something similar to an eBay, with its own reputation system and dispute-resolution service ? and, of course, government law enforcement at the sidelines. Companies can register an SLD in the .safe TLD through a number of registrars; those registrars are required ? by the .safe registry, not by ICANN ? to go through a specific validation process so that .safe can make promises to .safe website visitors that the site has been vetted by the registry behind .safe.
That registry, for what it’s worth, will need to be a fairly credible organization itself. Perhaps it could be a credit-card company. But note that .safe will not be alone. It will have to compete with other security-conscious TLDs, such as, say, .bank (sponsored by a consortium of banks). And it will differentiate itself from TLDs designed for entertainment that offer advertiser-sponsored content and would never ask for a consumer’s credit card information.
Now, what does this mean for the various players?
For individual users, .safe is a sign that they can safely hand over their credit card details and expect to receive what they were promised in return. They can choose to buy from .safe merchants, or they can go to familiar names they trust, such as gap.com, target.com, whatever. They get a benefit, and no downside. They can also still visit all the sites they want (with a variety of TLDs) not just for commerce, but for news, political commentary, porn, sports videos, health information…
For the owners of trusted sites/SLDs such as gap.com, .safe is unnecessary ? and perhaps slightly unwelcome, since it levels the playing field for smaller merchants who don’t have a reputation but who can rely on .safe to gain consumers’ trust.
For those smaller (honest) merchants, .safe is an interesting proposition. They know it will cost more to go through the .safe vetting process (and they may have to put up a bond of some kind), but they hope it will be worth it: more consumer trust (and business), and ultimately a safer environment overall for e-commerce. Accountability systems are not free, but they are more locally responsive than government regulation. Just consider: Taxes are higher in a good neighborhood, but you get to choose the neighborhood. The accountable Net is a Net of neighborhoods, rather than a one-size-fits-all, impossibly scaled global village. (What we actually seem to have is a global urban-distress zone.)
For the credit-card companies, who are troubled by the prevalence of fraud and phishing and who want consumers’ trust, .safe is an interesting idea…so much so that they might even be compelled to support it. Anything that will increase consumer confidence and reduce fraud is a good idea. Of course, the credit-card companies don’t want to train consumers to mistrust any non-.safe website, but that’s a challenge that .safe will have to overcome.
The existing registries, of course, may not immediately welcome .safe either. But chances are they would appreciate the opportunity to open new registries of their own, and to compete on the basis of something other than price. Meanwhile, the very existence of .safe may cause them to tighten up their own registration practices, or to promote their registrants’ websites to consumers as places where you can go to get information but not to give out your own personal information.
The idea is not to create a one-size-fits-all, regulated Internet. In fact, it’s precisely the opposite. It’s to create a differentiated, more transparent Internet where individuals can trust the road signs. They can choose what virtual neighborhood they want to venture into on the basis of those road signs and the local regulatory regimes they indicate. Want the official story? Try .gov. Want lots of edgy information with little accountability? Try .rumor.
This system would not take away the possibility of anonymity, nor would it force registrars to become agents of the police, the Motion Picture Association of America, or any other body. Instead, ICANN would be fostering a market where different policies can compete on the basis of rules that may (or may not) be appealing to the ultimate users of domain names ? people who visit websites and who have varying degrees of interest in who is behind them. (But users may end up choosing to listen to music at a site where the downloads are certified not to contain spyware or viruses…)
Some people think “the government” (or ICANN, for that matter) should be regulating the behavior of all the entities on the Net. I don’t believe government (or ICANN) is up to that task, especially not on the worldwide Net. But I do believe that the entities on the Net can regulate one another, if systems are set up properly and if individuals have the information they need to choose the peer-to-peer regulatory system they prefer. Call the whole set-up “the accountable Net.”
Real reputation-based and quality-controlled competition among TLDs would not be a solution to everything, but it would be one more important step towards cleaning up the Net. Either those who use domain names need to be accountable to those they interact with, or those who register the domain names need to be accountable for them, in a way visible to individuals and the public. This accountability needs to be specific and granular, so that one can separate the good from the bad. Otherwise, the public will hold the Net as a whole accountable for the actions of its malefactors.
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byIPv4.Global
Sponsored byVerisign
A World-Renowned Source for Internet Developments. Serving Since 2002.
Esther, your .safe proposal seems to be functionally the same as the .Mail proposal in this most recent sTLD round. Presuming ICANN approval in the next year, perhaps it may accomplish many of your goals?
Obviously reputation systems need to exist on the Internet. The question at hand is whether those reputations systems ought to be tied into the domain name system. This article does a good job of defending the former point but not the later.
Why can’t reputation systems exist independently of the domain name system? Of course they can, and they already do. Its not at all clear that tying them into the DNS would make them more effective. Phishers are already quite good at appearing to be associated with legitimate businesses that people trust.
What tying reputation systems into the DNS would do is provide a central point of control over which reputation systems are recognized as legitimate. This is as opposed to a more open process in which the general public decides collectively which organizations they choose to trust. It would only be useful to the degree that it made choices which diverged from the ones the general public would have made in an open architecture, and in that respect I regard this proposal with some suspicion.
The way to handle phishing schemes is to provide a way for consumers to be better aware that the website they are dealing with is, in fact, the website that they think they are dealing with. Every reputable request for personal information is going to be SSL encrypted and certified. My present browser (Safari) merely puts a little lock in the corner when running SSL, and I can’t even click on it for more details. Most browsers alert to unencrypted information transfers with annoying pop-ups that most users disable.
I’d say we need more fundamental research into the usability of SSL rather then a new DNS architecture. Whats more, I’d say that SSL is the appropriate place to plug in new reputation systems, rather then the DNS. The organization that certifies my encryption key could easily say certain things about me in doing so.
Also, with respect to Anonymity, its not possible for a new proposal to remove something which has already been removed. If I have to provide a valid address for legal service when registering a domain which is available at anything less then a court order, I’m not anonymous.
thanks for the feedback. Chris, I don’t know enough about .mail to comment, but I would assume the answer is partly yes .... It wouldn’t be fully yes until there’s also TLD competition for .mail - perhaps .post??? and .courier or .fedex.
Tom - more complicated. perhaps someone should start a TLD that offers only SSL-only-access sites… The challenge is that you can use SSL and get connected to a real, certified site securely…and be securely connected to some sleazeball outfit. (probably less easy than it is now, but still very possible.)
Does it have a third-party seal? well, it’s pretty easy to copy most seals - well enough to deceive an unwary consumer. (So this protects famous sites, but not the rest…)
yes, the certifying agent could have its own reputation service; I just think it’s easier and simpler for the consumer to connect it to a TLD that would be consistent and embedded in the site’s name. (Blah blah about client-side protection tools, which would also be helpful.) note that the idea is for ICANN to allow almost anyone to set up a TLD; ICANN itself should not be running a reputation service. so it would provide a central (or virtually central, technically distributed) point of registration information, but not centralized control.
IS the DNS the best possible place to do this? I’m not sure, but it seems a good place to start…and if it’s not, then the TLDs that use this approach won’t be successful and the idea will die a deserved death. But it would be great to see it tried…
That’s what I’m really calling for - a more open approach to new TLDs. I’m sure .safe/.bank/.secure would not be the only ones. There would also be .mobi, and I hope a profusion of other new TLDs with their own characters.
Otherwise, let’s get rid of all the TLDs, so that companies don’t need to register all their trademarks in so many different, and meaninglessly different, TLDs. (note: this last suggestion is mostly rhetorical.)
re anonymity: I personally have no problem with proxu services and other devices to provide some level of anonymity - which is never absolute anyway.
Esther,
Thank you for that clarification. I agree that we ought to have more TLDs, and not just for policy based communities like .safe, but also for identity communities like .geek…
With respect to third party seals, I agree that they are not secure. Cryptography is required to do this right. Of course, anyone can use SSL, and so the use of SSL is not in and of itself an indicator of reputability. Browsers must do a better job of indicating to you who the cryptography says you are submitting information to.
TLDs would suffer from the same user education problems that other solutions suffer from. Phishers typically claim to represent companies the victims know and trust. They simply provide convincing graphics and an IP based URL rather then a domain name. If users don’t know that nnn.nnn.nnn.nnn is not the same as paypal.com they may not know that paypal.to is not the same as paypal.safe…
In either case, what it boils down to is how does the user interface indicate to the user who they are dealing with and how well does the user understand those indications. Domain names do offer the advantage that they are directly visible to the user in the current interface, and TLD operators would be responsible for educating users about them.
The care that must be taken here is that certain domain names, like .safe, imply a meaning. ICANN will have to decide who is best to define what that meaning is, to the exclusion of all others. ICANN may not be running a reputation system, but they’ll be deciding who gets to decide who is allowed to run a .safe domain, or a .dentist domain, or a .geek domain. It is inevitable that there will be disagreements about these things.
However, I must admit that these problems also exist in the realm of SSL certificates, and are not as well managed. Presently, browser manufacturers get to decide who is allowed to be a certificate authority. I could propose an alternative in which a large icon appears in a browser toolbar which indicates something about the cryptographic certificate on the website, (green for safe, red for uncertified…) but the same problem exists with this proposal. We need a process for determining who gets to certify people.
So I’ll concede that I haven’t really provided you with a clearly better alternative. The devil is in the details… What UI considerations are most effective, and what processes work best for fairly determining who the gatekeepers get to be…
Esther, I noticed that the ICANN NomCom is open for recommendations for a bunch of posts*. Are there any folks here that you’d recommend for the posts? That you’d like to see in the posts (an interestingly different question!) ICANN’s actions are very opaque, so I wonder what it’s like taking one of the positions. I also was surprised that being on ICANN’s board is listed as an hour a month position.
*see icann’s home page.