Last week, Teresa Meek told us all about the plans to add countless new 'generic' top-level domain names (gTLDs). However, a potentially mighty faux-pas has thrown the plan into disarray. It almost certainly involves the leakage of commercially-sensitive data, and will only add to the weight of criticism on the Internet's domain system managers' heads.
But first, what's a gTLD? In last week's beautifully clear article, Teresa explained:
Starting in January, ICANN allowed those willing to foot the £116,000 application fee a chance to create a dot-anything registry. Some large companies...see the possibilities of additional branding; .canon, .deloitte, and .hitachi are among the applicants.
Businesses will have far greater protection over their brands with an entire gTLD than with a dot-com domain name. ... ICANN’s stated purpose in creating the gTLDs is to promote domain name competition and increased consumer choice.
The deadline for the first round of applications was to have been yesterday morning. However, the Internet Corporation for Assigned Names and Numbers (ICANN) has had to temporarily shut down the system that applicants use to register their desired domain.
What's wrong? Aunty knows:
[O]rganisations now have until 20 April to apply for the new domains. ... Icann had previously said it would announce who had applied for which of the gTLDs on 30 April. It did not say whether this date would be affected by the incident.
So what happened? ICANN's COO, Akram Atallah, offers this dripping-with-PR-speak apology:
We have learned of a possible glitch...that has allowed a limited number of users to view some other users' file names and user names in certain scenarios. Out of an abundance of caution, we took the system offline.
That's not good. It means that the system's authorisation controls weren't working properly. Private -- probably commercially-sensitive -- data were accessible to competitors.
Many have taken this to mean that, though there's theoretically a risk of leakage, no domain-buyers' data have actually been accessed by an unauthorised user. But I don't buy that.
This wasn't a rushed press release: it was the second statement, adding more background information about the situation. As a follow-up communication, written with more time available, ICANN's statement would have been carefully worded. Every nuance would have been closely reviewed. So notice the words attributed to Atallah, as we strip out the obfuscatory verbiage:
[The] glitch...has allowed...users to view [others' data].
PR spin at its finest, folks.
Richi Jennings, editor of Input Output UK, is also an independent analyst, specializing in blogging, email, spam, security, and other technology topics. His writing has won ASBPE and Neal awards. You can encircle him at +richi, follow him as @richi on Twitter, pretend to be his friend at Facebook.com/richij or just use boring old email: email@example.com.