We will give general comments in section one, followed by specific comments in section two on those among the 20 recommendations and implementation guidelines we believe are most important to consumers. We will end with section three, statements of agreement and disagreement with other constituencies.

I. General comments.

Consumers have a limited understanding of the domain name system. For instance, most believe they are safer on sites within the .org domain and attribute a higher level of credibility to sites with a .org suffix. They believe the .org domain to be the providence of non-profit organizations, therefore subject to more intensive oversight and scrutiny, having a higher bar for "admittance" than a .com or .biz site. In reality, no such restrictions exist for .org such as those on .edu or .mil. We believe ICANN and the GNSO need to ascertain additional detail on consumer perceptions of the domain name system, either through survey research or literature review. ICANN should work with other organizations to promote better consumer education about how domains work. Few consumers are aware, for instance, of the sponsored domains, .COOP, .AERO, .TRAVEL, etc. What has ICANN and the GNSO learned from the success of, say, .MOBI and the failure of .COOP?

The GNSO document contains no specific language about safeguards and provisions to prevent criminal abuse of TLDs. For an organization seeking to create a new TLD, what would the abuse complaint handling procedure be? How would takedowns be handled? To overstate the case, in order to make a point: The GNSO document is so vaguely worded it appears there would be little to prevent the Russian Business Network from creating, for example, a .trust domain in hopes of convincing consumers they could transact there in safety, while at the same time selling registrations to unscrupulous operators.

The document presumes only law enforcement agencies should be considered authoritative sources for investigations and takedowns. In the United States, most consumers find law enforcement agencies to be unresponsive in cases of individual identity theft and Internet fraud. What recourse would consumers have with operators of sites in these proposed new TLDs? We know from experience TLD administrators are not interested in dealing with anyone who is not in a law enforcement organization. What about consumer organizations the public?

Since most consumers are concerned about phishing, identity theft, fraud and other problems, we believe any document discussing means of creation for new TLDs must be specific in addressing safeguards in the creation and administration processes that would prevent these problems. The GNSO document is grossly inefficient in this regard. Strengthening and specification within these documents is especially important in light of the review of Registrar Accreditation Agreements (RAAs). Consumer Reports WebWatch publicly stated, and stated within the RAA working group document, that these current agreements contain few to no incentives for compliance. In short, the RAAs have no teeth, and this GNSO document has no teeth.

II. Specific comments: Recommendations.

7. "Applicants must be able to demonstrate their technical capability¹" According to what set of guidelines and provisions?

8. According to what criteria, and to whom, in what time frame, triggered or prompted by what circumstance?

9. Where will it be published? How will it be brought to the attention of the public? What are the criteria and how will they be arrived at?

12. How will dispute resolution and challenge processes be established? What guidelines will be used to establish them and what is the source of these guidelines? How will disputes be resolved in a timely matter? Who has dispute resolution oversight?

19. Or else? What is the penalty for violating this provision? What is the incentive for compliance?

20. Who will be on the expert panel? How will its makeup be determined? To whom will it answer?

Specific comments: Implementation guidelines.

IG C: What is the definition of "frequent"? What format will the communications be in?

IG P: What criteria will be used to determine the makeup of the dispute resolution panel? To whom will it report? What sort of oversight will it have?

III. Statements of agreement and disagreement with other constituencies.

We agree with the Non-Commercial Users Constituency's assessment of recommendation 6, found on page 29 of the GNSO final report Part B.

We agree with the Non-Commercial Users Constituency's comment on recommendation 7, found on page 31 of the GNSO final report Part B.

We disagree with the NCUC's comment on Recommendation 8 (page 31) in that we believe more criteria are necessary, though we do agree that they must be published, adhered to, etc.

We disagree with the NCUC's comment on Recommendation 11 (page 32). We do not believe placing limits on the participation of ICANN staff will generate the outcomes the NCUC posits.

We will give general comments in section one, followed by specific comments in section two on those among the 20 recommendations and implementation guidelines we believe are most important to consumers. We will end with section three, statements of agreement and disagreement with other constituencies.

I. General comments.
Consumers have a limited understanding of the domain name system. For instance, most believe they are safer on sites within the .org domain and attribute a higher level of credibility to sites with a .org suffix. They believe the .org domain to be the providence of non-profit organizations, therefore subject to more intensive oversight and scrutiny, having a higher bar for "admittance" than a .com or .biz site. In reality, no such restrictions exist for .org such as those on .edu or .mil. We believe ICANN and the GNSO need to ascertain additional detail on consumer perceptions of the domain name system, either through survey research or literature review. ICANN should work with other organizations to promote better consumer education about how domains work. Few consumers are aware, for instance, of the sponsored domains, .COOP, .AERO, .TRAVEL, etc. What has ICANN and the GNSO learned from the success of, say, .MOBI and the failure of .COOP?

The GNSO document contains no specific language about safeguards and provisions to prevent criminal abuse of TLDs. For an organization seeking to create a new TLD, what would the abuse complaint handling procedure be? How would takedowns be handled? To overstate the case, in order to make a point: The GNSO document is so vaguely worded it appears there would be little to prevent the Russian Business Network (http://en.wikipedia.org/wiki/Russian_Business_Network) from creating, for example, a .trust domain in hopes of convincing consumers they could transact there in safety, while at the same time selling registrations to unscrupulous operators.

The document presumes only law enforcement agencies should be considered authoritative sources for investigations and takedowns. In the United States, most consumers find law enforcement agencies to be unresponsive in cases of individual identity theft and Internet fraud. What recourse would consumers have with operators of sites in these proposed new TLDs? We know from experience TLD administrators are not interested in dealing with anyone who is not in a law enforcement organization. What about consumer organizations the public?

Since most consumers are concerned about phishing, identity theft, fraud and other problems, we believe any document discussing means of creation for new TLDs must be specific in addressing safeguards in the creation and administration processes that would prevent these problems. The GNSO document is grossly inefficient in this regard. Strengthening and specification within these documents is especially important in light of the review of Registrar Accreditation Agreements (RAAs). Consumer Reports WebWatch publicly stated, and stated within the RAA working group document, that these current agreements contain few to no incentives for compliance. In short, the RAAs have no teeth, and this GNSO document has no teeth.

II. Specific comments: Recommendations.

7. "Applicants must be able to demonstrate their technical capability¹" According to what set of guidelines and provisions?

8. According to what criteria, and to whom, in what time frame, triggered or prompted by what circumstance?

9. Where will it be published? How will it be brought to the attention of the public? What are the criteria and how will they be arrived at?

12. How will dispute resolution and challenge processes be established? What guidelines will be used to establish them and what is the source of these guidelines? How will disputes be resolved in a timely matter? Who has dispute resolution oversight?

19. Or else? What is the penalty for violating this provision? What is the incentive for compliance?

20. Who will be on the expert panel? How will its makeup be determined? To whom will it answer?

Specific comments: Implementation guidelines.

IG C: What is the definition of "frequent"? What format will the communications be in?

IG P: What criteria will be used to determine the makeup of the dispute resolution panel? To whom will it report? What sort of oversight will it have?

III. Statements of agreement and disagreement with other constituencies.

We agree with the Non-Commercial Users Constituency's assessment of recommendation 6, found on page 29 of the GNSO final report Part B.

We agree with the Non-Commercial Users Constituency's comment on recommendation 7, found on page 31 of the GNSO final report Part B.

We disagree with the NCUC's comment on Recommendation 8 (page 31) in that we believe more criteria are necessary, though we do agree that they must be published, adhered to, etc.

We disagree with the NCUC's comment on Recommendation 11 (page 32). We do not believe placing limits on the participation of ICANN staff will generate the outcomes the NCUC posits.

We agree with the Business and Commercial Users' Constituency in their statement of concern about abusive registrations.

We support discussion and possible implementation of the recommendations cited by the Business and Commercial Users' Constituency to help control abusive practices. The BCUC suggests (paraphrase):

• Graduated sanctions for contract non-compliance


• Avoiding confusingly similar domain names


• Avoiding infringement of third-party prior rights


• Clear, quick and low-cost procedures for dispute resolution and removal of bad-faith registrations


• Measures to prevent abuse of personal data

Thank you for the opportunity to comment.

Beau Brendler, Director
Consumer Reports WebWatch