DRAFT

Workshop on Cyber Security & Global Affairs

The Domain Name Space : Looking back - 16 years since .com

Key observations, problems and proactive solutions

Katie K. Richards

St. Peter’s College, Oxford August 6th, 2009

Produced by: katie@cadna.org 16.06.09 Slide 2Slide 2

Agenda

Consumer Behavior on the Internet

Exploitation on the Internet

- What’s going on? - Who’s getting hurt? - How much does it cost us?

Proactive solutions

- What can be fixed in the workplace? - How to influence change in industry

About CADNA

The Big Picture

- What’s ineffective? - Who’s working towards improvement?

Tomorrow’s Main Challenge for Business and Users

- New gTLDs and estimated costs

Produced by: katie@cadna.org 16.06.09 Slide 3Slide 3

Consumer behavior on the InternetAccess by Search or Direct Navigation

Direct Navigators convert at nearly twice the rate as Search Navigators.

Domain names are: cyber real-estate addresses - “easy-to-remember” labels of IP numbers

translated into alphanumeric strings separated by dots to protect and promote a brand gateways to web sites to find expected content

Accessibility => “findability” Search Navigation - Natural search (SEO) and paid search (SEM) Direct Navigation - Communicated, Freestyle or Evolved

Why is direct navigation so important

to understand?

Produced by: katie@cadna.org 16.06.09 Slide 4Slide 4

Exploitation on the Internet: What’s going on Cybersquatting techniques

Ecommerce is all about customer traffic – not about ‘gut feel’

Step 1 – Identify target domains Register domain names brand owners fail to register to profit from visitor traffic in bad faith or to resell them

- Typo squatting (myspac.com) - Combo squatting (disneyplyhouse.com)

Exploitation: making money at the expense of honest users and brands

Step 2 – Monetize traffic

Pay-Per-Click (PPC)

Affiliate fraud

Direct Sales fraud

Produced by: katie@cadna.org 16.06.09 Slide 5

Exploitation on the Internet - What’s going on? Pay-per-click site

Pay-per-click sites are found through direct navigation not via search.

Noise and diversion

Competitor site

Intended product site

Unrelated sites How doesthis work?

Affiliate sites allow branded links and banners.

Direct Sales sells genuine or fakes

Produced by: katie@cadna.org 16.06.09 Slide 6Slide 6

Exploitation on the Internet - What’s going on? PPC monetization process

Consumer Intended Brand Site

Bad news: Consumer misspells the Brand Site

domain nameinto the address bar

Cybersquatter PPC Site

Advertising Service

Good news: Consumer types correct domain name into

address bar

Distributes site paid links thatare “relevant” to the content

Cybersquatter uses Ad Service

Ad Service pays cybersquatterSite hosts “sponsored links”to other sites including the

legitimate Brand Site

Billions of dollars are lost or revenues are misdirected .

Ad Service charges Brand Site

Brand Site pays Ad Service

Competitor/ Other Brand Site

How does the revenue model work?

Produced by: katie@cadna.org 16.06.09 Slide 7

Exploitation on the Internet - What’s going on? PPC revenue model

PPC is effortless. Converting consumer traffic into gold.

Revenue ($) = Traffic (T) x Conversion rate (%) x Revenue per click (RPC)

(T) = Traffic = visitors per year = 100 / year

(%) = Conversion rate = 25%

RPC = $1.46* (Registrant receives $0.73. Ad partner typically keeps half)

Domain Cost = $10 ( $6.20 if the registrant is a registrar)

R.O.I analysis:

(100 x 0.25 x $0.73) - $10 = $8.25 (12.05) = (8.25/10) x 100 = 82.5% (120.5%)

* VeriSign 2007

Break Even analysis:

( T x 0.25 x $0.73) - $10 = 0.00 solve for T = 55 visitors per yearHow big is

this problem?

Produced by: katie@cadna.org 16.06.09 Slide 8

Exploitation on the Internet - What’s going on? Cybersquatting data findings Cybersquatting grows at a rate of 100% year after year

Owning the right names will counter unnecessary diversion + financial loss.

Most activity is committed by “small timers” and a few big offenders

An estimated 5% of cybersquatting is responsible for 95% of traffic hijacking

Less than 50% of cybersquatting sites receive meaningful traffic

On average, a global corporation will face 5,000 infringements every year

25% of visitors click on links on a Pay-Per-Click (PPC) sites

Sites that garner meaningful traffic receive an average of 600 visitors/year

Of those who click, an estimated 75% click on the link of the brand owner represented in the domain name

Average cost per click is $0.50*. The cost of a lost visitor is much more.

Who is getting hurt?

*FairWinds

Produced by: katie@cadna.org 16.06.09 Slide 9Slide 9

Exploitation on the Internet: Who’s getting hurt?Consumers, Business and Government & Non-for-profits Consumers

Confusion and poor online experience - a feeling of being “hijacked”

Exposed to malware and spyware

Divulge private information to fraudulent sites

Purchase counterfeit medication and products

Businesses

Lost or misdirected revenue and extortion

Reputational damage

Increasing enforcement costs

Government and Non-profit organizations

Confusing or misleading sites government sites

Lost campaign donations from phishing and fake charity sites.

Exploitation persists because cybersquatters go unpunished.

Produced by: katie@cadna.org 16.06.09 Slide 10

Exploitation on the Internet - Who’s getting hurt ? Customers (1/2)

PPC leads to consumer confusion and harm from counterfeit medication.

A typical pay-per-click site of a typo - that may lead to a counterfeit drug site.

Content and links appear authentic at a first glance.

Produced by: katie@cadna.org 16.06.09 Slide 11

Exploitation on the Internet - Who’s getting hurt ? Customers (2/2)

An Official Site -

Relevant brand content and services.

Produced by: katie@cadna.org 16.06.09 Slide 12

Exploitation on the Internet: Who’s getting hurt?Government bodies

Users are confused, shocked or frustrated

Produced by: katie@cadna.org 16.06.09 Slide 13

Exploitation on the Internet: Who’s getting hurt?Non-profit Organizations

Users are diverted and think sponsored links are credible.

How painful is cybersquatting?

Produced by: katie@cadna.org 16.06.09 Slide 14

Exploitation on the Internet: How much does it cost?Business impact

Tangibles

Lost leads and sales - for some trademarks > $1 Mio per year per brand

Online monitoring programs - on average $40,000 per year

UDRPs - on average 10 complaints filed per year at an average cost of $6,000

Cease and desist letters - an average of 150 sent annually at $50 each

Intangibles

Lost goodwill and customer loyalty from poor experiences

Brand dilution

Brand owners worldwide lose over $1 billion each year.

Why is thishappening?

Produced by: katie@cadna.org 16.06.09 Slide 15

The Big Picture What’s ineffective? (1/2)

Legislation International Law - no international regulation for the protection or for damages to

rectify actual harm.

US Law - ACPA (anti-cyber squatting consumer protection act 1999) awards damages in a range of $1,000 - $100,000. ACPA is effective only against cybersquatters with a high number of infringements of one brand.

Arbitration The UDRP process - NAF (USA) and WIPO (CH) - provides only for the

cancellation or transfer of a domain name. No damages are awarded. A cybersquatter can choose not to respond to a filed complaint and just hand over the domain.

Only minor legal and dispute deterrents exist against cybersquatting.

Produced by: katie@cadna.org 16.06.09 Slide 16

The Big Picture What’s ineffective? (2/2)

Policy

ICANN

A “bottom-up” policy development process claims to represent global multi-stakeholder interest but illustrates conflicts of interest - as public members were voted off ICANN’s board in 2003.

US Government

Joint Project Agreement (JPA) - a formalization in 2006 of the intent of the US Government to see ICANN as eventually becoming an independent entity. The JPA is suppose to expire end of Sept 30 2009 - meaning no oversight of the Internet from any country.

Conflicts of interests + lack of oversight blur judgement and agenda.

Test thehypothesis.

Produced by: katie@cadna.org 16.06.09 Slide 17

Domain name popularity Top 5 gTLDS

Out of 21 gTLDs, only a handful are ingrained in user behavior.

Registrations are highly skewed.

Product defects?

How many are defensive registrations?

Source: CADNA

Here comesmore trouble ...

Produced by: katie@cadna.org 16.06.09 Slide 18

Tomorrow’s challenges for Business and UsersMore gTLDs and increased concerns

The next launch An unknown number of registrations are expected Registries may be run by brands, cities, affinity groups or speculators

Possibly late 2010

Concerns Financial Costs Dilution of the current space Unstable IT infrastructure Global cybersecurity More malicious abuse

It pays to be prepared. Know the possible impacts of new gTLDs.

Produced by: katie@cadna.org 16.06.09 Slide 19

Domain Name Stakeholder Map

Voice of end-customerbuys products/services

Voice of the Businessfinancially driven

Voice of the Processombudsman / policy maker

A better system: Improve legislation and include the ‘voice of customer’

ICANN Registries Registrars

Brand Owners

Regulatory Body

awards contracts to

Retailers

sell domains to

Consumers

provide domains to

Wholesalers

Individuals

Legislation

Dispute Resolution

strengthen

feedback

Customer

focus

ProductsServices

Govern-ments

What’s happeningto fix things?

Produced by: katie@cadna.org 16.06.09 Slide 20

The Big Picture Who’s working towards improvement?

Legislation International Law - WIPO is interested in developing an international treaty

US Law - Update of ACPA for higher penalties

US Congress: Cyber Security Act 2009

US Executive office: White House Cyber Security review

Policy Joint Project Agreement - extension with or without ICANN’s agreement

ICANN reform - improve governance, transparency, help reduce cybersquatting

Positive trend: the Big Picture is changing for the better.

Meanwhile ... what can ‘I’ do?

Produced by: katie@cadna.org 16.06.09 Slide 21

Proactive solutions in the workplaceAction Items

Best practice

1. Attend or arrange internal stakeholder company and industry discussions

2. Measure the effectiveness of the current portfolio

3. Prioritize reclaim action of 3rd party infringements

4. Buy the domain names you need - be where customers look to find you

5. Seek expert impartial advice

Be in control of your domain name assets and customer impressions.

Meanwhile ... what can ‘We’ do?

Produced by: katie@cadna.org 16.06.09 Slide 22

Proactive solutions in industry How to influence change

Vote individually

Write a strong letter to ICANN

Vote collectively

"The burden of policing the ever-changing landscape of Internet fraud is too much for a single brand or corporation to bear. CADNA provides an opportunity for brand owners to work together to bolster fraud protection."- Susan Crane, Group Vice President of Intellectual Property, Wyndham Worldwide

Attend ICANN meetings and voice your concerns

Submit comments to ICANN and to government agencies

Make change happen. Voice your opinion and suggestions.

Produced by: katie@cadna.org 16.06.09 Slide 23

About CADNACoalition Against Domain Name Abuse

A non-profit association formed in 2007 of leading global brand owners across industries

Committed to fair online business practices and decrease cybersquatting

Dedicated to build awareness with policymakers about gaps in US and International law and in policy that foster illegal and unethical infringement and the need for reform

Provide best practice frameworks for brand owners to help protect themselves

CADNA – a common voice for brand owners across industries

Produced by: katie@cadna.org 16.06.09 Slide 24

About CADNAYour reference library

Keep yourself updated - visit the CADNA website

Newsroom

- CADNA updates - Press releases - Media Coverage

Library

- Articles on infringement - Glossary - Fact sheets and reports

Local City Forums

Speak to our members

Your bookmark www.cadna.org

Try CADNA’s cybersquatting

calculator to work out your potential loss

Produced by: katie@cadna.org 16.06.09

katie@cadna.org

THANK YOU