Europe to warn consumers about .bank “risks”
The European Banking Authority has told ICANN it believes that proposed financially-oriented gTLDs such as .bank are dangerous and should be banned.
The EBA, the European Union’s central banking regulator, said it plans to issue consumer alerts, warning people about “the risks of these new naming conventions”.
In a letter to ICANN published today, EBA chair Andrea Enria said that a global gTLD such as “.bank” would not give consumers a good guide as to whether the bank was regulated in their own country.
Financial gTLDs have a “not-yet-identified benefit” and could create a “moral hazard”, Enria wrote. The EBA is also worried about the cost of trademark enforcement, he said.
the EBA believes that it is not feasible to address most of the supervisory concerns of its members on the risks of misuse of the proposed gTLDs and calls the ICANN to reconsider its plans for allowing the such of the above mentioned gTLDs and ban the establishment of such gTLDs altogether.
The EBA was formed just over a year ago as the successor to the Committee of European Banking Supervisors. Its members are the heads of the financial regulators of the EU member states.
The letter could come as a blow to the American-led .bank application proposed by the American Bankers Association and the Financial Services Roundtable’s BITS division.
The BITS project envisages a tightly controlled namespace for banks, governed by a fairly strenuous set of security measures.
But the establishment of a .bank gTLD is one area where we are almost guaranteed to see ICANN’s Governmental Advisory Committee exercising its new-found objection powers.
If the Europeans and the Americans do not see eye to eye, .bank will not see the light of day.
.bank trademark canceled after “mistake”
A US trademark on the term “.bank” granted to a likely .bank top-level domain applicant has been canceled just over a week after it was approved.
The Patent & Trademark Office withdrew trademark 4,085,335 yesterday, stating that it had been issued to Asif LLC in error.
The USPTO noticed that the application was for a gTLD string after receiving a letter of protest on January 6, which it forgot to process before granting the trademark.
In a letter to Asif’s lawyers, the USPTO noted that it has a policy of not approving trademarks for TLDs, adding:
The USPTO has broad authority to correct mistakes…
In view of the letter of protest prior to registration and the clear violation of the USPTO’s established policy that marks such as this do not function as trademarks, this registration is canceled as inadvertently issued
Asif, which recently changed its name to Domain Security Company, intends to apply to ICANN for .bank and .secure, but as I reported last week it faces an uphill battle given rival .bank bids.
It used a Wild West Domains reseller account to demonstrate to the USPTO it was using the .bank mark.
It’s not currently clear who was responsible for the letter of protest.
Tiny start-up secures .bank gTLD trademark
A likely new gTLD applicant has secured a US trademark on the term “.bank”.
Asif LLC, a Wisconsin start-up with an undisclosed number of employees, won approval for the trademark 4,085,335 on Tuesday, for use in “domain name registration services”.
(UPDATE: Asif actually does business now as Domain Security Company LLC, but the trademark application was filed under its former name.)
As Domain Name Wire reported last year, Asif became a Go Daddy reseller in order to provide the US Patent & Trademark Office with proof it was using the brand.
It appears the gambit was successful, and the company now has a card to play in its inevitable battle with other .bank applicants, such as the BITS/American Bankers Association project.
Mary Iqbal, Asif’s CEO, told DomainIncite today that the company also has a trademark pending in Pakistan, where it has existing business connections.
Iqbal says she’s serious about her .bank application. It’s an idea she’s been working on for a few years.
Asif has been talking to security companies about providing the security infrastructure for the gTLD and has already signed up with a registry back-end provider, she said.
All she was prepared to disclose at the moment is that one of these partners has “ground-breaking encryption technology” and that the company has solid plans for its security profile.
The .bank gTLD would of course be limited to manually verified financial institutions, Iqbal confirmed.
Explaining the reseller site used to get the trademark, Iqbal said: “We intend to use that in future to sell .bank domain names but for now we’re selling names in other TLDs.”
Asif also has a pending US trademark on “.secure”, which it also plans to apply for as a gTLD.
Iqbal said that the company plans to offer small and medium sized e-commerce businesses extra security services if they redirect their customers to their .secure domain at the checkout.
While I am unaware of any other public .secure applicants, the .bank gTLD is expected to be contested.
A joint project of the American Bankers Association and BITS, part of the Financial Services Roundtable, has already essentially confirmed that it plans to apply for .bank and possibly two other financial gTLDs, using Verisign as its back-end.
“We don’t know for sure if they’re going to apply for .bank,” Iqbal said, however. “If somebody else does apply, all I can say that we are the legal rights holder for .bank.”
Holding a trademark on a term gives companies the right to file a Legal Rights Objection against new gTLD applicants.
However, as much as I love an entrepreneur, I estimate the chances of Asif getting its .bank application approved at roughly zero, trademark or not.
There are about half a dozen different reasons Asif would probably not pass the Legal Rights Objection test, which would leave it in a contention set with other .bank applicants.
The final mechanism offered by ICANN to resolve contested gTLDs is an auction, and nobody goes into an auction against the American Bankers Association expecting to win.
ICANN also encourages applicants in contention sets to talk it out amongst themselves before resorting to auction. If Asif is lucky, a rival .bank applicant will pay it to go away before the string goes to auction.
If it’s very lucky, somebody will acquire the trademark before the company – which Iqbal said is already funded but would welcome additional investment – splashes out $185,000 on its application fee.
The Asif .bank application also stands a substantial chance of being objected to by governments.
ICANN’s Governmental Advisory Committee, and in particular the influential US representative, has very strong views on gTLDs purporting to represent regulated industries.
If the GAC is faced with a choice between a .bank backed by the ABA and BITS with a Verisign back-end, and one backed by a tiny Wisconsin start-up, I believe there’s a pretty good chance the Wisconsin start-up is going to find itself on the receiving end of a GAC Advice objection.
Just a hunch.
High-security .bank spec published
BITS, the technology arm of the Financial Services Roundtable, has published a set of specifications for new “high-security” generic top-level domains such as .bank and .pay.
The wide-ranging spec covers 31 items such as registration and acceptable use policies, abusive conduct, law enforcement compliance, registrar relations and data security.
It would also ban Whois proxy/privacy services from financial gTLDs and oblige those registries to verify that all Whois records were fully accurate at least once every six months.
The measures could be voluntarily adopted by any new gTLD applicant, but BITS wants them made mandatory for gTLDs related to financial services, which it calls “fTLDs”.
A letter sent by BITS and the American Bankers Association to ICANN management in late December (pdf) is even a bit threatening on this point:
We strongly urge that ICANN accept the [Security Standards Working Group’s] proposed standards and require their use in the evaluation process. We request notification by 31 January 2012 that ICANN commits to use these fTLD standards in the evaluation of the appropriate gTLD applications. BITS, the American Bankers Association (ABA), and the organizations involved in this effort are firmly committed to ensuring fTLDs are operated in a responsible and secure manner and will take all necessary steps to ensure that occurs.
BITS, it should be pointed out, is preparing its own .bank bid (possibly also .invest and .insure) so the new specs give a pretty good indication of what its own gTLD applications will look like.
ICANN’s Applicant Guidebook does not currently mandate any security standard, but it does say that security practices should be commensurate with the level of trust expected from the gTLD string.
Efforts within ICANN to create a formal High Security Zone Top Level Domain (HSTLD) standard basically fizzled out in late 2010 after ICANN’s board said it would not endorse its results.
That said, any applicant that chooses to adopt the new spec and can demonstrate it has the wherewithal to live up to its very strict requirements stands a pretty good chance of scoring maximum points in the security section of the gTLD application.
Declining to implement these new standards, or something very similar, is likely to be a deal-breaker for any company currently thinking about applying for a financial services gTLD.
Even if ICANN does not formally endorse the BITS-led effort, it is virtually guaranteed that the Governmental Advisory Committee will be going through every financial gTLD with a fine-toothed comb when the applications are published May 1.
The US government, via NTIA chief Larry Strickling, said this week that the GAC plans to reopen the new gTLD trademark protection debate after the applications are published.
It’s very likely that any dodgy-looking gTLDs purporting to represent regulated industries will find themselves under the microscope at that time.
The new spec was published by BITS December 20. It is endorsed by 17 companies, mostly banks. Read it in PDF format here.
BITS may apply for six financial gTLDs
BITS, the technology policy wing of the Financial Services Roundtable, may apply to ICANN for as many as six financially-focused new top-level domains.
The organization is pondering bids for .bank, .banking, .insure, .insurance, .invest and .investment, according to Craig Schwartz, who’s heading the project as general manager for registry programs.
(UPDATE: To clarify, these are the six strings BITS is considering. It does not expect to apply for all six. Three is a more likely number.)
Schwartz, until recently ICANN’s chief gTLD registry liaison, told DI that the application(s) will be filed by a yet-to-be-formed LLC, which will have the FSR and the American Bankers Association as its founding members.
It will be a community-designated bid, which means the company may be able to avoid an ICANN auction in the event that its chosen gTLD strings are contested by other applicants.
“We’ve looked at the scoring, and while it may not come into play at all we do believe we can meet the requisite score [for a successful Community Priority Evaluation],” Schwartz said. “But we’re certainly mindful of what’s happening in the space, there’s always the possibility of contention.”
There’s no relationship between BITS and CORE, the Council of European Registrars, which is apparently looking into applying for its own set of financially-oriented gTLDs, Schwartz said.
It’s not a big-money commercial play, but the new venture would be structured as a for-profit entity, he said.
“It’s relatively analogous to what’s happened in the .coop space, where after 10 years they have only about 7,000 registrations,” Schwartz said.
It sounds like pricing might be in the $100+ range. Smaller financial institutions lacking the resources to apply for their own .brand gTLDs would be a likely target customer base.
Interestingly, .bank may begin life as a business-to-business play, used primarily for secure inter-bank transactions, before it becomes a consumer-facing proposition, Schwartz said.
He added that it would likely partner with a small number of ICANN-accredited registrars – those that are able to meet its security requirements – to get the domains into the hands of banks.
VeriSign has already signed up to provide the secure back-end registry services for the bid.
Senior ICANN staffer hired by .bank project
Craig Schwartz, ICANN’s chief gTLD registry liaison, has been headhunted by BITS, the tech arm of the Financial Services Roundtable, to head up its .bank top-level domain application.
Schwartz will become BITS’ general manager of registry programs in early July, following the conclusion of the next ICANN meeting in Singapore.
BITS has yet to reveal the TLDs it plans to apply for, but .bank is the no-brainer. I understand it is also considering complementary strings, such as .finance and .insurance
The organization has already said that it plans to use VeriSign as its back-end registry services provider.
Schwartz is a five-year ICANN veteran, and his experience dealing with registries will no doubt be missed, particularly at a time when the number of gTLDs is set to expand dramatically.
His replacement will have plenty of time to settle into the role, however. The first new gTLDs approved under the program are not likely to go live until late 2012 at the earliest.
VeriSign now front-runner for .bank
VeriSign has signed a deal with two major banking industry organizations to become their exclusive provider of registry services for any new top-level domains designed for financial services companies.
The deal is with the American Bankers Association and BITS, the technology policy arm of the Financial Services Roundtable. Together, they represent the majority of US banks.
While the announcement conspicuously avoids mentioning any specific TLD strings, .bank is the no-brainer. I suspect other announced .bank initiatives will now be reevaluating their plans.
The way ICANN’s new gTLD Applicant Guidebook is constructed, any TLD application claiming to represent the interests of a specific community requires support from that community.
There are also community challenge procedures that would almost certainly kill off any .bank application that did not have the backing of major banking institutions.
BITS has already warned ICANN that it would not tolerate a .bank falling into the wrong hands, a position also held by ICANN’s Governmental Advisory Committee.
In an era of widespread phishing and online fraud, the financial services industry is understandably eager that domains purporting to represent banks are seen to be trustworthy.
Because we all trust bankers, right?
VeriSign is of course the perfect pick for a registry services provider. As well as running the high-volume .com and .net domains, it also carries the prestige .gov and .edu accounts.
“We’re honored to have been chosen by BITS and ABA as their registry operator for any new gTLDs deployed to serve the financial services industry and their customers,” said Pat Kane, VeriSign’s senior VP of Naming Services, in a statement.
Apart from the multilingual versions of .com and .net, I think this may be the first new TLD application VeriSign has publicly associated itself with.
Banks to write security rules for “.bank”
Financial services firms unhappy with ICANN’s new top-level domains program are to take matters into their own hands by writing security guidelines for TLDs like “.bank”.
BITS, the technology policy arm of the Financial Services Roundtable, said it plans to develop “elevated security standards for financial gTLDs” and wants ICANN to make them mandatory.
The organization, which counts many major world banks as members, is concerned that a “.bank” in the hands of a registry with lax security could increase fraud and reduce confidence in banking online.
BITS said its guidelines would be drafted by a globally diverse working group and submitted to an international standards-setting organization for ratification.
It wants ICANN to include a single sentence in its new TLDs Applicant Guidebook, apparently incorporating the guidelines by reference:
Evaluators will use standards published by the financial services industry to determine if the applicant’s proposed security approach is commensurate with the level of trust necessary for financial services gTLDs.
An ICANN working group is working on the concept of a High Security Zone TLD for precisely this kind of application, but in September the ICANN board abruptly decided that it “will not be certifying or enforcing” the idea, apparently in order to mitigate its own corporate risk.
The BITS project appears to be in direct response to that move.
It certainly seems to be a more productive avenue of engagement than hinting at a lawsuit, which it did in a November letter to ICANN.
I’m attempting to confirm whether the BITS plan, submitted as a response to the Applicant Guidebook public comment period, is being proposed with ICANN’s backing. (UPDATE: it isn’t.)
ICANN told to ban .bank or get sued
A major financial services lobby group has threatened to sue ICANN unless it puts strict limitations on “.bank” top-level domains.
BITS, the technology policy arm of the Financial Services Roundtable, said financial domains should be banned from the first round of new TLDs, until rules governing security are developed.
In a November 4 letter to ICANN chief executive Rod Beckstrom, BITS said:
If these critical issues are not fully resolved and ICANN chooses not to defer financial TLD delegation, BITS, its members and its partners are prepared to employ all available legislative, regulatory, administrative and judicial mechanisms.
BITS counts all the major US banks among its membership, as well as many large insurance companies and share-trading services.
The organization is concerned that TLDs such as .bank could lead to consumer confusion and an increase in fraud online if delegated into the wrong hands.
While BITS said that it “prefer[s] a prudent solution”, it has threatened to file “legal complaints in one or more jurisdictions” and to lobby the US Congress for legislation.
It noted that ICANN’s IANA contract, which gives it the power to create new TLDs, expires next August, and said that it may lobby Congress for legislation mandating better security as a condition of the renewal.
BITS and other financial groups have already written to members of Congress, in September, expressing disappointment with the absence of a high-security TLD policy from ICANN and adding:
In recognition of the need for higher levels of security and stability in financial services gTLDs than in gTLDs generally, we urge you to support inclusion of language in cyber security legislation language that prevents ICANN from adding financial services gTLDs to the root zone unless the IANA contract specifies higher levels of security for such gTLDs.
The Federal Deposit Insurance Corporation, the US government body responsible for insuring banks, has also written to the Department of Commerce, expressing its concerns about the possible introduction of a .bank TLD.
Currently, I’m not aware of any public initiative to apply for .bank, but it’s possible that restrictions on financial services TLDs could capture the recently launched German “.insurance” project.
The BITS correspondence was published (pdf) as an attachment to an ongoing Reconsideration Request lodged by Michael Palage, chair of the High Security Top Level Domain Verification Program Advisory Group.
The HSTLD group has been working on a set of technological policy specifications for registries managing high-security TLDs.
Palage is annoyed that ICANN’s board seems to have distanced itself from the HSTLD concept before the group has even finished its work, by resolving in September that:
ICANN will not endorse or govern the program, and does not wish to be liable for issues arising from the use or non-use of the standard.
The HSTLD group, by contrast, has a “clear majority in support of ICANN retaining a continued oversight role”, according to Palage. He wrote:
The ICANN Board’s unilateral actions also have a chilling effect on future bottom up consensus efforts because participants have no basis to know when the ICANN Board will take such unilateral actions in the future.
He’s not alone in worrying about recent top-level ICANN decisions that appear to put corporate legal liability ahead of the wishes of the community. I reported on the issue last week.
Recent Comments