Presentation on theme: "DRAFT Workshop on Cyber Security & Global Affairs The Domain Name Space : Looking back - 16 years since.com Key observations, problems and proactive solutions."— Presentation transcript:
DRAFT Workshop on Cyber Security & Global Affairs The Domain Name Space : Looking back - 16 years since.com Key observations, problems and proactive solutions Katie K. Richards St. Peter’s College, Oxford August 6th, 2009
Produced by: email@example.com 16.06.09Slide 2 Agenda Consumer Behavior on the Internet Exploitation on the Internet - What’s going on? - Who’s getting hurt? - How much does it cost us? Proactive solutions - What can be fixed in the workplace? - How to influence change in industry About CADNA The Big Picture - What’s ineffective? - Who’s working towards improvement? Tomorrow’s Main Challenge for Business and Users - New gTLDs and estimated costs
Produced by: firstname.lastname@example.org 16.06.09Slide 3 Consumer behavior on the Internet Access by Search or Direct Navigation Direct Navigators convert at nearly twice the rate as Search Navigators. Domain names are: cyber real-estate addresses - “easy-to-remember” labels of IP numbers translated into alphanumeric strings separated by dots to protect and promote a brand gateways to web sites to find expected content Accessibility => “findability” Search Navigation- Natural search (SEO) and paid search (SEM) Direct Navigation- Communicated, Freestyle or Evolved Why is direct navigation so important to understand?
Produced by: email@example.com 16.06.09Slide 4 Exploitation on the Internet: What’s going on Cybersquatting techniques Ecommerce is all about customer traffic – not about ‘gut feel’ Step 1 – Identify target domains Register domain names brand owners fail to register to profit from visitor traffic in bad faith or to resell them - Typo squatting (myspac.com) - Combo squatting (disneyplyhouse.com) Exploitation: making money at the expense of honest users and brands Step 2 – Monetize traffic Pay-Per-Click (PPC) Affiliate fraud Direct Sales fraud
Produced by: firstname.lastname@example.org 16.06.09Slide 5 Exploitation on the Internet - What’s going on? Pay-per-click site Pay-per-click sites are found through direct navigation not via search. Noise and diversion Competitor site Intended product site Unrelated sites How does this work? Affiliate sites allow branded links and banners. Direct Sales sells genuine or fakes
Produced by: email@example.com 16.06.09Slide 6 Exploitation on the Internet - What’s going on? PPC monetization process Consumer Intended Brand Site Bad news: Consumer misspells the Brand Site domain name into the address bar Cybersquatter PPC Site Advertising Service Good news: Consumer types correct domain name into address bar Distributes site paid links that are “relevant” to the content Cybersquatter uses Ad Service Ad Service pays cybersquatter Site hosts “sponsored links” to other sites including the legitimate Brand Site Billions of dollars are lost or revenues are misdirected. Ad Service charges Brand Site Brand Site pays Ad Service Competitor/ Other Brand Site How does the revenue model work?
Produced by: firstname.lastname@example.org 16.06.09Slide 7 Exploitation on the Internet - What’s going on? PPC revenue model PPC is effortless. Converting consumer traffic into gold. Revenue ($) = Traffic (T) x Conversion rate (%) x Revenue per click (RPC) (T) = Traffic = visitors per year = 100 / year (%) = Conversion rate = 25% RPC = $1.46* ( Registrant receives $0.73. Ad partner typically keeps half) Domain Cost = $10 ( $6.20 if the registrant is a registrar) R.O.I analysis: (100 x 0.25 x $0.73) - $10 = $8.25 (12.05) = (8.25/10) x 100 = 82.5% (120.5%) * VeriSign 2007 Break Even analysis: ( T x 0.25 x $0.73) - $10 = 0.00 solve for T = 55 visitors per year How big is this problem?
Produced by: email@example.com 16.06.09Slide 8 Exploitation on the Internet - What’s going on? Cybersquatting data findings Cybersquatting grows at a rate of 100% year after year Owning the right names will counter unnecessary diversion + financial loss. Most activity is committed by “small timers” and a few big offenders An estimated 5% of cybersquatting is responsible for 95% of traffic hijacking Less than 50% of cybersquatting sites receive meaningful traffic On average, a global corporation will face 5,000 infringements every year 25% of visitors click on links on a Pay-Per-Click (PPC) sites Sites that garner meaningful traffic receive an average of 600 visitors/year Of those who click, an estimated 75% click on the link of the brand owner represented in the domain name Average cost per click is $0.50*. The cost of a lost visitor is much more. Who is getting hurt? *FairWinds
Produced by: firstname.lastname@example.org 16.06.09Slide 9 Exploitation on the Internet: Who’s getting hurt? Consumers, Business and Government & Non-for-profits Consumers Confusion and poor online experience - a feeling of being “hijacked” Exposed to malware and spyware Divulge private information to fraudulent sites Purchase counterfeit medication and products Businesses Lost or misdirected revenue and extortion Reputational damage Increasing enforcement costs Government and Non-profit organizations Confusing or misleading sites government sites Lost campaign donations from phishing and fake charity sites. Exploitation persists because cybersquatters go unpunished.
Produced by: email@example.com 16.06.09Slide 10 Exploitation on the Internet - Who’s getting hurt ? Customers (1/2) PPC leads to consumer confusion and harm from counterfeit medication. A typical pay-per-click site of a typo - that may lead to a counterfeit drug site. Content and links appear authentic at a first glance.
Produced by: firstname.lastname@example.org 16.06.09Slide 11 Exploitation on the Internet - Who’s getting hurt ? Customers (2/2) An Official Site - Relevant brand content and services.
Produced by: email@example.com 16.06.09Slide 12 Exploitation on the Internet: Who’s getting hurt? Government bodies Users are confused, shocked or frustrated
Produced by: firstname.lastname@example.org 16.06.09Slide 13 Exploitation on the Internet: Who’s getting hurt? Non-profit Organizations Users are diverted and think sponsored links are credible. How painful is cybersquatting?
Produced by: email@example.com 16.06.09Slide 14 Exploitation on the Internet: How much does it cost? Business impact Tangibles Lost leads and sales - for some trademarks > $1 Mio per year per brand Online monitoring programs - on average $40,000 per year UDRPs - on average 10 complaints filed per year at an average cost of $6,000 Cease and desist letters - an average of 150 sent annually at $50 each Intangibles Lost goodwill and customer loyalty from poor experiences Brand dilution Brand owners worldwide lose over $1 billion each year. Why is this happening?
Produced by: firstname.lastname@example.org 16.06.09Slide 15 The Big Picture What’s ineffective? (1/2) Legislation International Law - no international regulation for the protection or for damages to rectify actual harm. US Law - ACPA (anti-cyber squatting consumer protection act 1999) awards damages in a range of $1,000 - $100,000. ACPA is effective only against cybersquatters with a high number of infringements of one brand. Arbitration The UDRP process - NAF (USA) and WIPO (CH) - provides only for the cancellation or transfer of a domain name. No damages are awarded. A cybersquatter can choose not to respond to a filed complaint and just hand over the domain. Only minor legal and dispute deterrents exist against cybersquatting.
Produced by: email@example.com 16.06.09Slide 16 The Big Picture What’s ineffective? (2/2) Policy ICANN A “bottom-up” policy development process claims to represent global multi- stakeholder interest but illustrates conflicts of interest - as public members were voted off ICANN’s board in 2003. US Government Joint Project Agreement (JPA) - a formalization in 2006 of the intent of the US Government to see ICANN as eventually becoming an independent entity. The JPA is suppose to expire end of Sept 30 2009 - meaning no oversight of the Internet from any country. Conflicts of interests + lack of oversight blur judgement and agenda. Test the hypothesis.
Produced by: firstname.lastname@example.org 16.06.09Slide 17 Domain name popularity Top 5 gTLDS Out of 21 gTLDs, only a handful are ingrained in user behavior. Registrations are highly skewed. Product defects? How many are defensive registrations? Source: CADNA Here comes more trouble...
Produced by: email@example.com 16.06.09Slide 18 Tomorrow’s challenges for Business and Users More gTLDs and increased concerns The next launch An unknown number of registrations are expected Registries may be run by brands, cities, affinity groups or speculators Possibly late 2010 Concerns Financial Costs Dilution of the current space Unstable IT infrastructure Global cybersecurity More malicious abuse It pays to be prepared. Know the possible impacts of new gTLDs.
Produced by: firstname.lastname@example.org 16.06.09Slide 19 Domain Name Stakeholder Map Voice of end-customer buys products/services Voice of the Business financially driven Voice of the Process ombudsman / policy maker A better system: Improve legislation and include the ‘voice of customer’ ICANN RegistriesRegistrars Brand Owners Regulatory Body awards contracts to Retailers sell domains to Consumers provide domains to Wholesalers Individuals Legislation Dispute Resolution strengthen feedback Customer focus Products Services Govern- ments What’s happening to fix things?
Produced by: email@example.com 16.06.09Slide 20 The Big Picture Who’s working towards improvement? Legislation International Law - WIPO is interested in developing an international treaty US Law - Update of ACPA for higher penalties US Congress: Cyber Security Act 2009 US Executive office: White House Cyber Security review Policy Joint Project Agreement - extension with or without ICANN’s agreement ICANN reform - improve governance, transparency, help reduce cybersquatting Positive trend: the Big Picture is changing for the better. Meanwhile... what can ‘I’ do?
Produced by: firstname.lastname@example.org 16.06.09Slide 21 Proactive solutions in the workplace Action Items Best practice 1.Attend or arrange internal stakeholder company and industry discussions 2.Measure the effectiveness of the current portfolio 3.Prioritize reclaim action of 3 rd party infringements 4.Buy the domain names you need - be where customers look to find you 5.Seek expert impartial advice Be in control of your domain name assets and customer impressions. Meanwhile... what can ‘We’ do?
Produced by: email@example.com 16.06.09Slide 22 Proactive solutions in industry How to influence change Vote individuall y Write a strong letter to ICANN Vote collectively "The burden of policing the ever-changing landscape of Internet fraud is too much for a single brand or corporation to bear. CADNA provides an opportunity for brand owners to work together to bolster fraud protection." - Susan Crane, Group Vice President of Intellectual Property, Wyndham Worldwide Attend ICANN meetings and voice your concerns Submit comments to ICANN and to government agencies Make change happen. Voice your opinion and suggestions.
Produced by: firstname.lastname@example.org 16.06.09Slide 23 About CADNA Coalition Against Domain Name Abuse A non-profit association formed in 2007 of leading global brand owners across industries Committed to fair online business practices and decrease cybersquatting Dedicated to build awareness with policymakers about gaps in US and International law and in policy that foster illegal and unethical infringement and the need for reform Provide best practice frameworks for brand owners to help protect themselves CADNA – a common voice for brand owners across industries
Produced by: email@example.com 16.06.09Slide 24 About CADNA Your reference library Keep yourself updated - visit the CADNA website Newsroom -CADNA updates - Press releases - Media Coverage Library -Articles on infringement - Glossary - Fact sheets and reports Local City Forums Speak to our members Your bookmark www.cadna.orgwww.cadna.org Try CADNA’s cybersquatting calculator to work out your potential loss
Produced by: firstname.lastname@example.org 16.06.09 email@example.com THANK YOU