The plan has touched off a scramble among investors eager to gain control of the virgin Internet real estate, potentially worth billions of dollars in annual licensing fees. But a vocal group of critics is calling the speed and scale of the expansion reckless, given its possible impact on the Internet’s global infrastructure, which relies on interactions among computer networks owned by companies, universities and individual users.
Particularly troubling is the possibility of widespread “name collisions” that could happen when domains used by internal corporate computer systems — such as “.corp” or “.home” — get assigned to the Web more broadly. This could cause systems to fail, blocking access to e-mail or other internal programs, and also could open sensitive information to theft, some experts say.
“This could affect a million enterprises,” said Danny McPherson, chief security officer for Verisign, which is based in Reston and manages several of the most popular existing domains. “It could absolutely break things.”
McPherson and other security experts say the nonprofit group that oversees the designation of Web addresses, the Internet Corporation for Assigned Names and Numbers (usually known by its acronym, ICANN), has not done enough study on the impact of the new domain names and does not have procedures in place to respond quickly if systems malfunction. Among those posing risk could be domains such as “.med” or “.center” that might be critical to the functioning of medical systems or emergency-response networks.
Similar concerns have been expressed by the Association of National Advertisers, which represents hundreds of major companies, and the Internet commerce site PayPal, which issued a letter in March saying, “The potential for malicious abuse is extraordinary, [and] the incidental damage will be large even in the absence of malicious intent.”
Defenders of the plan have called such fears overblown, arguing that the potential problems have been long understood and will be resolved before new domains are approved. Because the new domains will be released gradually, over the course of months, there will be time to manage problems as they arise, said Jeffrey Moss, chief security officer for ICANN.
“It’s not like it’s a runaway train without recourse,” Moss said. “We’re not going to do anything that harms the security or stability of the Internet.”
U.S. officials who oversee Web security issues through the Commerce Department’s National Telecommunications and Information Administration expressed confidence in the management of the domain program, issuing a statement saying, “We would expect these issues to be discussed and resolved within the ICANN multistakeholder process.”