With ICANN launching 400 new generic top level domains, CADNA looks at the facts and figures to determine what the impact to business and the internet using public will be. Will the changing landscape of the web be improved with new extensions or will it become gridlock on the information superhighway? Joshua Bourne of CANDA discussed the study's findings with Damien Allen on today's program.
Josh Bourne: Damien thanks a lot for having me on.
Damien Allen: It is a pleasure to have you today sir. Today we are talking about a report that was filed on April 6 from CADNA discussing the anticipated launch of 400 generic top level domains (GTLD) that would cost brand owners worldwide over $746 million. You want to give us a little bit of background on this report Josh?
Josh Bourne: Yeah I would be happy to. We’ve been looking forward to writing this report for quite a while because it was necessary to tease out what this new world will really look like. I think that people have been hearing about new top level domains for a while now, it has been at the forefront of intellectual property concerns on the internet for about 2 years. Although the insiders at ICANN will tell you that this was always part of the plan. They can look back almost a decade and say that it was part of their ‘m-o’ ultimately to try to open up the internet and open up the domain space and they thought at that time that it was a logical way to do that by expanding the number of extensions out there. So, we are coming up on a point where this might actually happen. We waited though, for some more meaningful statistics to come out of ICANN I don’t know how closely your listeners follow ICANN but this is the internet corporation for assign names and numbers. They virtually have a monopoly, they are effectively a monopoly on naming and addressing and they generate policies through their constituency meetings and they leave it to this bottom up policy development process that includes domain name companies registries and registrars for instance, some intellectual property voices, governments are involved in that as well. But it was only recently that the new TLD’s got to a point in that policy development process where the ICANN can really query their community and ask specifically which TLD’s people were interested in registering and back in March they released the results of that and it looked like there would be 400 generic ones and this is names like ‘.shopping’ ‘.music’ or ‘.food’ and also some geographic ones that I pile in the generic category. Those include the ‘.africa’ ‘.berlin’ ‘.nyc’, these types of names. They also found there was interest in about 100 brand name TLD’s. These aren’t real examples but just for instances to give you an idea of what that means ‘.facebook’ ‘.google’ ‘.aol’, those would be examples for branded top level domains.
Damien Allen: So these are extensions that are outside of the regular ‘.com’ ‘.org’ ‘.net’ ‘.bus’ ‘.info’?
Josh Bourne: Yup exactly, it’s not exactly a completely new phenomena, it’s just what’s new is the number of TLD’s, 400 generic ones, over the last 5-7 years we have seen a trickle of top level domains come out, starting really with ‘.bus’ and ‘.info’ and later ‘.pro’ and ‘.jobs’ and ‘.coop’ ‘.travel’ ‘.museum’, very more recently; ‘.movie’ and ‘.tell’ and typically the business community and really the public has been able to deal with them slowly over time. You know maybe one two or three new extensions hitting the market in a given year.
Damien Allen: What are some of the biggest misconceptions that brands have when it comes to this new TLD launch?
Josh Bourne: That’s a good question. I think that’s actually one of the reasons why CADNA took the time to generate some constructive data based on research to help the business community, governments, lawmakers, and the general public really understand what’s going on here. I think before the study was released, while of course there are brand owners for instance who knew that there was more to the puzzle than just answering the question, should we, if we are Kodak for instance, register ‘.kodak’ and why would we do that? Would we do it for brand protection, or would we do it in order to redesign how we communicate with our audience on the internet and that has been such an important question I think for business to consider that they haven’t really paid much attention for what it will mean to them with respect to protecting their brands, extending their brands, what kind of costs they would experience to register names defensively, what it would mean to the global community with respect to new opportunities for cyber crime and other forms of fraud, and what this would all cost. Given the area of generic top level domains, so to make it really real, we ran this study to project just exactly how many new domain names global businesses would likely secure and what that is going to cost global businesses.
Damien Allen: In on average, if a brand decided to register defensively, how many different registrations would a brand be looking at?
Josh Bourne: That’s a really interesting point; you know our group called on its combined 10 year experience for me, some other people involved have been dealing with new TLD launches over the years, have been working with global businesses and are very risk averse, but at the same time still make very careful choices about which names they register and what they don’t. Budget is always a question; you know how many names would we like to register, how many names can we afford to register, what are the reasons for doing that. There are a lot of different scenarios that you run into, there are companies that are, you know they might be more of a one brand company if you will. Cummings Engines for instance who really is only know as Cummings, they might just be concerned about the Cummings name, another company who they compete with, Catapillar, they might be very concerned with Cat and Catapillar. There are other businesses out there like, SC Johnson for instance, they have a huge list of consumer brands and so the various types of companies will have different scenarios. I mean one pharmaceutical company that we talked to, because we really wanted to conservatively project how many names are likely to register, we asked them ‘how many names did you register when .eu came about several years ago?’ And it was in the hundreds in the sunrise period. So when we modeled this we were very mindful of the various kinds of scenarios out there and so we set up scenarios, say 50% adoption rate across these 400 TLD’s or 75% adoption rate, or maybe a very low level. Maybe a company would be very selective about which TLD’s they decided to pre-secure domains in and decide perhaps just 10% of the new extensions they would register and the other ones they would ignore. We also created various scenarios about the number of names they might register. Anywhere from one to several hundred, then we applied a very representative weightings game to apply percent probability based to each of those various categories of likely scenarios. When it all shook out, on average what we concluded is that businesses would register approximately three domains per registry for each of the 400 new TLD’s that are coming out and in reality that’s actually quite low. It maxed out at only about 3,700 registrations per new TLD so it predicts that; not that ‘.music’ will get 3,700, or that ‘.food’ gets 3,700, but across this wide variety of new TLD’s ranging from okay to very interesting. On average they would get 3,700 new registrations; that in itself is very conservative. It compares to, and this is why we think these numbers really do check out, it compares to a 140,000 sunrise registrations that took place in ‘.eu’ and a year later 15,000 sunrise applications in ‘.asia’. We are basically saying, ‘look we project one quarter the level of adoption that took place in ‘.asia’ which is presumably a pretty huge extension and that adds up to $746 million in cost to global enterprises, basically to duplicate what they already owned, what is already working for them, but just to keep it out of the hands of third parties. So in reality, it could be four times that amount, we could be looking at $3 billion in costs to businesses just to extend the protection of their brands and to try to reduce the number of instances of fraud that can affect consumers.
Damien Allen: Based on your organization’s analysis of internet user behavior, how are internet users going to react to the influx in new TLD’s?
Josh Bourne: That is a very interesting point, it is a challenge. We did some research on what’s popular today and what’s been popular over the last let’s say decade, and what I did is gather the 1,500 most popular websites in the world and broke them out. Took the amount of traffic that each one gets and then subtotaled the % volume of traffic by extension. The results are probably what you would expect; 90% of internet traffic today is going to ‘.com’ sites. The second most popular extension for websites that get traffic is ‘.org’ with just 2.82% of global internet traffic and the wheels literally fall off after that, you get down to ‘.bus’, its responsible for .02% or 2 one hundredths of a percent of internet traffic. So I think that people that use the internet, more than a billion and a half people today, unless they are going to country specific content that they expect to find under their countries’ ccTLD, this would be ‘.de’ for Germany or ‘.jp’ for Japan. They very routinely will think of a name that they want to visit, it might be Gillett and append it with ‘.com’ or maybe if they are in a city for instance even they might want to know what pizza restaurants are available to them in Toledo, so they might type toledopizza.com intuitively and see if there is something there that might help them. They are not appending those searches with ‘.net’ or ‘.org’ so, you are not going to be able to overnight change consumer behavior just by flooding the market with top level domains, so we don’t think that consumers will readily start picking these things up. In fact, one group, and I can’t think of the source off the top of my head, did some surveying and they talked to consumers and 60% of the consumers that they polled agreed extensions would change the way that they use the internet, but not for the better. 57% thought that it would make the internet more messy and confusing, 46% said it would make it too complex to navigate, 41% actually made the claim that it would be out of control. I’m a little concerned about that but at the same time there could be some interesting new innovative uses of TLD’s and I don’t think the problem here really is that the internet changes or that it could change and will change. It’s a method by which ICANN and its community, they have an imbalance of financial incentives to roll out all these new TLD’s. It’s a little bit too chaotic I think. You open the floodgates, you lower the cost, you lower the betting process, and the net result is you get a huge inflow of TLD’s that the public just isn’t really ready for. So, I think it would be interesting to potentially have a closer look at the potential results of this, and rethink that before moving forward. Maybe if I was in charge, I suppose or a lot of the people I talk to and agree with me, I think they would say that a more sustainable approach would be to perform more of a measured release so there was time to test it and react to what introducing a variety of new TLD’s will do to the internet.
Damien Allen: The report says that over $746 million is going to be the cost. Were there other costs that weren’t included in the study?
Josh Bourne: Yeah of course, all we measured was ‘what is the immediate cost to businesses to register a hypothetical set of domains that would be a conservative estimate’, and that $746 million corresponds to the first two year period of registration. So we didn’t take a present value calculation of what it’s going to cost businesses over the next 10 years, because it is a little bit difficult to guess how many of those will get renewed. Normally what happens is businesses tend to be conservative, they can’t predict which of these TLD’s might take off and which ones won’t. Based on recent past history, most of them will fail. But we can’t know for sure and as a result businesses are inclined to register them when they can get them ahead of the general public. So renewal costs were omitted from this, the other thing that businesses tend to do today in the current environment is they do a fair amount of monitoring, part of consumer protection, part of protecting their trademark as well, is keeping an eye on what names are registered by third parties that are confusingly similar to their brand or trademark and the other point that I would raise about costs that weren’t included is that in addition to the cost of ongoing monitoring, is the enforcement cost. We didn’t try to project what it’ll cost businesses to go out and get names back from third parties when there is an intolerable use.
Damien Allen: With this new GTLD launch, are there any new forms of protection against bad faith acquisition or trademark protection that are being added with the launch, is there any new system in place to protect people from cybersquatting or bad-faith registration?
Josh Bourne: There are various right protection mechanisms (RPM’s) that are integral in the draft guidebook that ICANN is putting together for the new TLD their ideas of a wrap-around trademark clearing houses and other ways for brand owners to simplify, but nothing that I have seen is actually going to deter cybersquatting. The idea is mainly to make it easier for trademark owners to register domain names and reduce the complexity of the process of trying to deal with 400 potentially different, distinct, unique processes to secure their brand in a special period called ‘sunrise period’ when trademark owners have the first opportunity to register their name. Consistent with a lot of ICANN processes the aim is to sort of respond to the concern of the trademark community but to do so in a way where the registries and registrars and others who really dominate the ICAN process can still earn their fees. There are some interesting angles here to though to consider is that cybersquatting could conceivable occur on either side of the dot. On the left hand side of the dot, you are talking about typos of a brand, registrations under a TLD. On the right hand side of the dot, you are talking about an actual squatter TLD. For instance lets say that a party unrelated to Ebay wants to pursue ‘.ebay’, there is what appears to be a fairly efficient process conceived that would eliminate that risk to Ebay the online retailer auction site because they would have an opportunity to object to the application made by this third party. I actually don’t predict that there will be a lot of right hand side of the dot squatting attempted, as the costs seem to be high enough to reduce that likelihood and of course the various rights protections and opportunities for brand owners to object to those confusing TLD’s exist that this isn’t really going to happen. Overall though, the CADNA organization has two priorities, our strategy is to seek out reforms to ICANN we believe that the organization that was created a decade ago might not be the right organization for the next decade. The setup was made at a time where I don’t think anybody really could have reasonably predicted just how big the internet would be come, how big ecommerce would become, how many opportunities there would be for trademark infringers and squatters to use the trust of a brand name to better perform whatever act of fraud or whatever scheme they wanted to carry out online. I don’t think anybody predicted that the domain name business would be a multi-billion dollar industry worthwhile to capture that policy development process at ICANN. And so, CADNA is very focused on figuring out how ICANN itself can be made more transparent, more accountable, certainly more predictable, and more unbiased, to make them a steward of the public interest and the internet. The other side of CADNA’s mission is to reduce the instances of cybersquatting through potentially some legislative changes that would create a more sizeable deterrence to cybersquatting. Outside of what ICANN can do to reduce the instances of cybersquatting and consumer harm that often follows, we think that governments can revise laws or create new laws where they are missing that would serve as a deterrent so that the individuals who actually cybersquat make a better decision based on the potential liability of registering that infringing domain name. For instance, not all cybersquatters are massive enterprises, huge operations with tens of thousands or hundred thousands or even millions of domain names, even though there are squatters on that scale. The vast majority are not hard criminals, we looked a set of infringements for a particular company fairly recently across 5,000 infringements when measuring the number of unique registrants across those infringements, the number of domains per unique registrant was just 1.5. What that means is that there’s over 3,000 various parties that owned one or more domain across 5,000 infringements, a lot of small timers. The small timers might be unaware of what liabilities they carry by owning that domain name and today its often either no financial loss that could occur or given the 10 year old US statute, a range of statutory damages are available at the judges’ discretion between $1,000 and $100,000 per instance. We think that simply by moving the ball up to a $100,000 for instance, will lead to, not only potential cybersquatters in ‘.com’ and the proven space but also in this conceived of future TLD space, will make better choices. They’ll decide it’s just not worth it. They won’t register as many infringements, they might even review their own portfolios more closely and choose to either delete or not renew at expiry the domains they own today that infringe on brands. It is possible for the huge stack of what we predict to be about tens of millions of infringing domains owned by unrelated third parties to that brand owner, could more passively, just by systemic change, be just reduced, I think that is an important piece of this puzzle. I think one of the reasons that brand owners are upset by the domain space, are upset by ICANN and aggravated by the number of infringements, they often tell me, and I’m sure they tell others, that they feel like they are losing the battle. They feel like they are playing whack-a-mole, they feel like they can’t keep up with the rate of infringements and their concern as well was that they can’t protect their consumers, their partners, and others that when they see their brand name in a domain, want to trust that domain and might fall for a scheme or have a bad experience online and blame that brand. So if there is fewer infringements, it is more practical for companies who are virtually cast-alone with policing the internet for uses of their brand and enforcing their rights wherever possible to protect consumers, to actually do that.
Damien Allen: What do you think is driving this massive expansion for new domain extensions?
Josh Bourne: I think that there’s this point that ICANN often raises that expanding the number of TLD’s was always part of the plan, which I don’t really think is a very good reason because the internet has changed dramatically, and what might have been a good idea years ago, might still be a good idea but maybe it should morph a little bit. I think that the ICANN process is a really interesting thing, there’s really no analogous organization that I can think of to ICANN. It’s true that they have a lot of bottom-up policy development process. But I believe that that process, at the bottom, it is very much over populated by domain name industry insiders. So effectively, over the last decade those who have the most gain by manipulating the outcomes of that policy development process have saturated that environment in order to overpower other types of points of view. They effectively can create policy or drive the policy development process in a direction that serves their needs and interests and it’s clear that anytime that a single organization has complete control over a scare resource, like domain names, that it is ripe for capture. And I think that in many ways ICANN has been captured. The result of that is that they can accept and tolerate certain types of policy that are beneficial, that raise revenue, and they can also push down or repress policies that are not helpful to their business model. I look back on what would be extremely beneficial policy changes one would be to address the problems with Whois. According to Nork at the University of Chicago, 77% of domain Whois records. Whois is like the telephone book for domain names. You can look in the Whois, and you can find out who owns a particular domain name. 77% of the names they looked at had defective Whois records. A range of different types of errors including intentionally misleading information. That Whois defect allows and emboldens cybercriminals in particular to be more aggressive through spamming, through fishing, whatever it is they do, counterfeit peddling, whatever it is that they do. They are emboldened by anonymity. If you walk in to any city hall in America for instance and say you want a business license, and when they ask you for your identification and you say sorry but I still want my business license they laugh you out of the court house, or city hall. In domain space and on the internet, you can hang a shingle, and be completely unknown, and that leads to counter party risk. Consumers that could use the internet to perform more regular commercial transactions aren’t doing that as much as they nearly could because they are afraid they are going to get taken advantage of because they don’t know who it is that they are dealing with and they don’t know whether or not they can trust them. About two years ago, ended a two year review of Whois and Whois policies to solve that. I believe it was the IPCU, Intellectual Property Constituency who was really pushing that. At the end of that review period the result was to maintain the status quo, not to do anything to affect Whois, positively or negatively, just leave it alone. I believe the reasons why are that any corrective measure that could be taken to clean up Whois information would rely on the registrars and the registrars hold the relationships with the registrants, their customers, the people who own domain names, the people who have the incorrect Whois information in the database. The registrars cost structure would necessarily be effective making them less profitable because they would need to staff up, they would need to do things in order to work with their customers to correct that. I believe they probably also assumed that if the choice of the customer was either to be transparent and be known in the Whois or no longer own the domain name, many of them would choose to no longer own the domain name. Once you are known, if you are a bad actor, you are no use for that domain name, that domain name is only good to you if you can be invisible. Although it’s not that simple, there are also privacy concerns that were a big part of that debate; but the example is Whois is something that was correctable and could have been corrected but wasn’t or there’s new TLD policies which are also controversial but are marching forward and it is very predictable what the outcome will be absent of any reform or any pressure from the US and foreign governments, they will move forward and that is because these are incredibly lucrative policies. These are good for registries registrars and various kinds of domain name insider companies, such as the entrepreneurs that are most interested in securing a new TLD which, grants them a monopoly to try to sell as many domains as they possibly can. Since they are driving the ship I think this is why we are seeing new TLD’s come in such a hurry. A lot of people will say that new TLD’s haven’t’ moved forward as quickly as they could have and that proves that they’re following a more conservative path but the reality is that this is all very fast and most people in the ICANN community would tell you that, absent anything major happening, they will be here next year.
Damien Allen: I would like to thank you for joining us today and discussing this with us Josh.
Josh Bourne: Thanks very much for having me. This is a good opportunity and it was fun to speak with you about it.
Damien Allen: We have been speaking with Josh Bourne the President of CADNA the Coalition Against Domain Name Abuse and managing partner of Fair Winds Partners, LLC. You have been listening to Cybersquttting Law Radio, my name is Damien Allen, everyone have a great day.