A question of characters
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Relaxing the rules that govern the allocation of domain names may endanger information security and intellectual property, critics fear
In September 2009, the US government said that it had relinquished some control of the International Corporation for Assigned Names and Numbers (ICANN), the body responsible for allocating IP addresses and domain names. Rather than reporting to Washington, ICANN will now self-govern through various panels of international representatives.
The announcement appeared to appease mounting concern that the infrastructural governance of the Internet, by now the world’s most widely used communications network, lay in the hands of one country’s government.
However, the US Department of Commerce will retain technical control over the Domain Name System (DNS), which associates written domain names (e.g. www.information-age.com) with the appropriate web servers, until its contract with ICANN expires in 2011.
As if to demonstrate that it is not still business-as-usual at ICANN, in October 2009 it announced two significant changes to the rules governing domain nomenclature. First, the process by which it will incorporate non-Latin characters in the DNS has been “fast tracked”, it said.
"Right now, Internet address endings are limited to Latin characters – A to Z,” explained ICANN chairman Peter Dengate Thrush. “But the Fast Track Process is the first step in bringing the 100,000 characters of the languages of the world online for domain names.” It was, he added, “the biggest technical change to the Internet since it was created four decades ago”.
ICANN also provided some guidance around the introduction of new top-level domain names (.com, .org, etc) expected in 2010. Although it did not reveal which new TLDNs were under consideration, it has published a draft of the guidebook for applicants who wish to propose a domain name and announced a list of organisations that had put themselves forward to be independent adjudicators.
Of course, the Internet being what it is, neither of these developments escaped criticism. The security community uttered concern that foreign characters in domain names will permit fraudsters to trick users into clicking on links that look very much like familiar websites but with hard-to-spot non-Latin characters.
As for the new top-level domain names, observers called for greater clarity into the measures that will be put in place to prevent ‘cyber-squatters’ from exploiting the brands of existing businesses.
In both cases, ICANN said that it was undergoing an exhaustive consultation with all the numerous stakeholders to ensure that the changes to the DNS are fair, and that the integrity of the Internet is maintained.
Sylvain Hirsch, president of intellectual property protection services provider IP Twins, says the safeguards are needed to prevent new domain names being abused
It is critical that ICANN addresses, without any further ambiguity, the risks to intellectual property protection that the new generic top-level domain names will generate. Intellectual property rights attached to domain names are the essence of a functioning and secure Internet, for businesses as well as consumers.
Every day we see trademark infringements and abuses taking place online. We need to make sure that the new naming system will not worsen this situation and will have enough safeguards against abuse of registered trademarks. Otherwise, consumer confidence and business development online will be undermined.
Peter Wood, a member of security body the ISACA Conference Committee, says that non-Latin characters in domain names will lead to more sophisticated phishing attacks
ICANN’s announcement that domain names will support non-Latin characters could lead to a significant increase in phishing attacks, with attempts to confuse users by replacing conventional web addresses and top-level domains with non-Latin scripts.
Glyphs representing certain characters from different scripts might appear similar or even identical. For example, in many fonts, the Cyrillic lower case A is indistinguishable from the Latin lower case A. An unscrupulous host site can use this visual ambiguity to pretend to be another site in a spoofing attack.
Just when we have made people aware of the dangers of phishing, [that awareness] now becomes even more important.
