DRAFT Workshop on Cyber Security & Global Affairs The Domain Name Space : Looking back - 16 years...
-
Upload
jailyn-burningham -
Category
Documents
-
view
214 -
download
0
Transcript of DRAFT Workshop on Cyber Security & Global Affairs The Domain Name Space : Looking back - 16 years...
DRAFT
Workshop on Cyber Security & Global Affairs
The Domain Name Space : Looking back - 16 years since .com
Key observations, problems and proactive solutions
Katie K. Richards
St. Peter’s College, Oxford August 6th, 2009
Produced by: [email protected] 16.06.09 Slide 2Slide 2
Agenda
Consumer Behavior on the Internet
Exploitation on the Internet
- What’s going on? - Who’s getting hurt? - How much does it cost us?
Proactive solutions
- What can be fixed in the workplace? - How to influence change in industry
About CADNA
The Big Picture
- What’s ineffective? - Who’s working towards improvement?
Tomorrow’s Main Challenge for Business and Users
- New gTLDs and estimated costs
Produced by: [email protected] 16.06.09 Slide 3Slide 3
Consumer behavior on the InternetAccess by Search or Direct Navigation
Direct Navigators convert at nearly twice the rate as Search Navigators.
Domain names are: cyber real-estate addresses - “easy-to-remember” labels of IP numbers
translated into alphanumeric strings separated by dots to protect and promote a brand gateways to web sites to find expected content
Accessibility => “findability” Search Navigation - Natural search (SEO) and paid search (SEM) Direct Navigation - Communicated, Freestyle or Evolved
Why is direct navigation so important
to understand?
Produced by: [email protected] 16.06.09 Slide 4Slide 4
Exploitation on the Internet: What’s going on Cybersquatting techniques
Ecommerce is all about customer traffic – not about ‘gut feel’
Step 1 – Identify target domains Register domain names brand owners fail to register to profit from visitor traffic in bad faith or to resell them
- Typo squatting (myspac.com) - Combo squatting (disneyplyhouse.com)
Exploitation: making money at the expense of honest users and brands
Step 2 – Monetize traffic
Pay-Per-Click (PPC)
Affiliate fraud
Direct Sales fraud
Produced by: [email protected] 16.06.09 Slide 5
Exploitation on the Internet - What’s going on? Pay-per-click site
Pay-per-click sites are found through direct navigation not via search.
Noise and diversion
Competitor site
Intended product site
Unrelated sites How doesthis work?
Affiliate sites allow branded links and banners.
Direct Sales sells genuine or fakes
Produced by: [email protected] 16.06.09 Slide 6Slide 6
Exploitation on the Internet - What’s going on? PPC monetization process
Consumer Intended Brand Site
Bad news: Consumer misspells the Brand Site
domain nameinto the address bar
Cybersquatter PPC Site
Advertising Service
Good news: Consumer types correct domain name into
address bar
Distributes site paid links thatare “relevant” to the content
Cybersquatter uses Ad Service
Ad Service pays cybersquatterSite hosts “sponsored links”to other sites including the
legitimate Brand Site
Billions of dollars are lost or revenues are misdirected .
Ad Service charges Brand Site
Brand Site pays Ad Service
Competitor/ Other Brand Site
How does the revenue model work?
Produced by: [email protected] 16.06.09 Slide 7
Exploitation on the Internet - What’s going on? PPC revenue model
PPC is effortless. Converting consumer traffic into gold.
Revenue ($) = Traffic (T) x Conversion rate (%) x Revenue per click (RPC)
(T) = Traffic = visitors per year = 100 / year
(%) = Conversion rate = 25%
RPC = $1.46* (Registrant receives $0.73. Ad partner typically keeps half)
Domain Cost = $10 ( $6.20 if the registrant is a registrar)
R.O.I analysis:
(100 x 0.25 x $0.73) - $10 = $8.25 (12.05) = (8.25/10) x 100 = 82.5% (120.5%)
* VeriSign 2007
Break Even analysis:
( T x 0.25 x $0.73) - $10 = 0.00 solve for T = 55 visitors per yearHow big is
this problem?
Produced by: [email protected] 16.06.09 Slide 8
Exploitation on the Internet - What’s going on? Cybersquatting data findings Cybersquatting grows at a rate of 100% year after year
Owning the right names will counter unnecessary diversion + financial loss.
Most activity is committed by “small timers” and a few big offenders
An estimated 5% of cybersquatting is responsible for 95% of traffic hijacking
Less than 50% of cybersquatting sites receive meaningful traffic
On average, a global corporation will face 5,000 infringements every year
25% of visitors click on links on a Pay-Per-Click (PPC) sites
Sites that garner meaningful traffic receive an average of 600 visitors/year
Of those who click, an estimated 75% click on the link of the brand owner represented in the domain name
Average cost per click is $0.50*. The cost of a lost visitor is much more.
Who is getting hurt?
*FairWinds
Produced by: [email protected] 16.06.09 Slide 9Slide 9
Exploitation on the Internet: Who’s getting hurt?Consumers, Business and Government & Non-for-profits Consumers
Confusion and poor online experience - a feeling of being “hijacked”
Exposed to malware and spyware
Divulge private information to fraudulent sites
Purchase counterfeit medication and products
Businesses
Lost or misdirected revenue and extortion
Reputational damage
Increasing enforcement costs
Government and Non-profit organizations
Confusing or misleading sites government sites
Lost campaign donations from phishing and fake charity sites.
Exploitation persists because cybersquatters go unpunished.
Produced by: [email protected] 16.06.09 Slide 10
Exploitation on the Internet - Who’s getting hurt ? Customers (1/2)
PPC leads to consumer confusion and harm from counterfeit medication.
A typical pay-per-click site of a typo - that may lead to a counterfeit drug site.
Content and links appear authentic at a first glance.
Produced by: [email protected] 16.06.09 Slide 11
Exploitation on the Internet - Who’s getting hurt ? Customers (2/2)
An Official Site -
Relevant brand content and services.
Produced by: [email protected] 16.06.09 Slide 12
Exploitation on the Internet: Who’s getting hurt?Government bodies
Users are confused, shocked or frustrated
Produced by: [email protected] 16.06.09 Slide 13
Exploitation on the Internet: Who’s getting hurt?Non-profit Organizations
Users are diverted and think sponsored links are credible.
How painful is cybersquatting?
Produced by: [email protected] 16.06.09 Slide 14
Exploitation on the Internet: How much does it cost?Business impact
Tangibles
Lost leads and sales - for some trademarks > $1 Mio per year per brand
Online monitoring programs - on average $40,000 per year
UDRPs - on average 10 complaints filed per year at an average cost of $6,000
Cease and desist letters - an average of 150 sent annually at $50 each
Intangibles
Lost goodwill and customer loyalty from poor experiences
Brand dilution
Brand owners worldwide lose over $1 billion each year.
Why is thishappening?
Produced by: [email protected] 16.06.09 Slide 15
The Big Picture What’s ineffective? (1/2)
Legislation International Law - no international regulation for the protection or for damages to
rectify actual harm.
US Law - ACPA (anti-cyber squatting consumer protection act 1999) awards damages in a range of $1,000 - $100,000. ACPA is effective only against cybersquatters with a high number of infringements of one brand.
Arbitration The UDRP process - NAF (USA) and WIPO (CH) - provides only for the
cancellation or transfer of a domain name. No damages are awarded. A cybersquatter can choose not to respond to a filed complaint and just hand over the domain.
Only minor legal and dispute deterrents exist against cybersquatting.
Produced by: [email protected] 16.06.09 Slide 16
The Big Picture What’s ineffective? (2/2)
Policy
ICANN
A “bottom-up” policy development process claims to represent global multi-stakeholder interest but illustrates conflicts of interest - as public members were voted off ICANN’s board in 2003.
US Government
Joint Project Agreement (JPA) - a formalization in 2006 of the intent of the US Government to see ICANN as eventually becoming an independent entity. The JPA is suppose to expire end of Sept 30 2009 - meaning no oversight of the Internet from any country.
Conflicts of interests + lack of oversight blur judgement and agenda.
Test thehypothesis.
Produced by: [email protected] 16.06.09 Slide 17
Domain name popularity Top 5 gTLDS
Out of 21 gTLDs, only a handful are ingrained in user behavior.
Registrations are highly skewed.
Product defects?
How many are defensive registrations?
Source: CADNA
Here comesmore trouble ...
Produced by: [email protected] 16.06.09 Slide 18
Tomorrow’s challenges for Business and UsersMore gTLDs and increased concerns
The next launch An unknown number of registrations are expected Registries may be run by brands, cities, affinity groups or speculators
Possibly late 2010
Concerns Financial Costs Dilution of the current space Unstable IT infrastructure Global cybersecurity More malicious abuse
It pays to be prepared. Know the possible impacts of new gTLDs.
Produced by: [email protected] 16.06.09 Slide 19
Domain Name Stakeholder Map
Voice of end-customerbuys products/services
Voice of the Businessfinancially driven
Voice of the Processombudsman / policy maker
A better system: Improve legislation and include the ‘voice of customer’
ICANN Registries Registrars
Brand Owners
Regulatory Body
awards contracts to
Retailers
sell domains to
Consumers
provide domains to
Wholesalers
Individuals
Legislation
Dispute Resolution
strengthen
feedback
Customer
focus
ProductsServices
Govern-ments
What’s happeningto fix things?
Produced by: [email protected] 16.06.09 Slide 20
The Big Picture Who’s working towards improvement?
Legislation International Law - WIPO is interested in developing an international treaty
US Law - Update of ACPA for higher penalties
US Congress: Cyber Security Act 2009
US Executive office: White House Cyber Security review
Policy Joint Project Agreement - extension with or without ICANN’s agreement
ICANN reform - improve governance, transparency, help reduce cybersquatting
Positive trend: the Big Picture is changing for the better.
Meanwhile ... what can ‘I’ do?
Produced by: [email protected] 16.06.09 Slide 21
Proactive solutions in the workplaceAction Items
Best practice
1. Attend or arrange internal stakeholder company and industry discussions
2. Measure the effectiveness of the current portfolio
3. Prioritize reclaim action of 3rd party infringements
4. Buy the domain names you need - be where customers look to find you
5. Seek expert impartial advice
Be in control of your domain name assets and customer impressions.
Meanwhile ... what can ‘We’ do?
Produced by: [email protected] 16.06.09 Slide 22
Proactive solutions in industry How to influence change
Vote individually
Write a strong letter to ICANN
Vote collectively
"The burden of policing the ever-changing landscape of Internet fraud is too much for a single brand or corporation to bear. CADNA provides an opportunity for brand owners to work together to bolster fraud protection."- Susan Crane, Group Vice President of Intellectual Property, Wyndham Worldwide
Attend ICANN meetings and voice your concerns
Submit comments to ICANN and to government agencies
Make change happen. Voice your opinion and suggestions.
Produced by: [email protected] 16.06.09 Slide 23
About CADNACoalition Against Domain Name Abuse
A non-profit association formed in 2007 of leading global brand owners across industries
Committed to fair online business practices and decrease cybersquatting
Dedicated to build awareness with policymakers about gaps in US and International law and in policy that foster illegal and unethical infringement and the need for reform
Provide best practice frameworks for brand owners to help protect themselves
CADNA – a common voice for brand owners across industries
Produced by: [email protected] 16.06.09 Slide 24
About CADNAYour reference library
Keep yourself updated - visit the CADNA website
Newsroom
- CADNA updates - Press releases - Media Coverage
Library
- Articles on infringement - Glossary - Fact sheets and reports
Local City Forums
Speak to our members
Your bookmark www.cadna.org
Try CADNA’s cybersquatting
calculator to work out your potential loss