ICANN CEO, Self-Described ‘Paranoid,’ Warns of Online Banking Risk
ICANN’s CEO has so little confidence in the security of online banking that he uses a “dedicated laptop” that’s connected to the Internet “maybe two minutes a week” for all financial transactions, Rod Beckstrom said on the C-SPAN program The Communicators over the weekend. He predicted, contrary to the vocal concerns of business groups and even the U.S. government (WID Dec 22/08 p2), that the expansion of generic top-level domains (gTLDs) would make the Internet safer for consumers and businesses.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
“In the short term, things have been getting worse” as more-sophisticated threats and the sheer number of viruses increase, Beckstrom said: The Conficker worm that so alarmed governments around the world is still installed on 3 million to 5 million computers. Wrongdoers are “networking very well” across borders, teaming up to commit financial crimes on the Internet. “I think we should all think twice before doing all our banking online,” Beckstrom said, cautioning that he wasn’t telling Internet users to drop online banking completely. “It’s not a bad practice” to use one inexpensive computer, such as a netbook, for all financial transactions and nothing else, Beckstrom said.
“Maybe my paranoia increased,” Beckstrom said of his time as a cybersecurity chief at the Department of Homeland Security, but “you really get a sense of the scale” of cyberattacks from that perch. Keystroke loggers can be downloaded by simply viewing a compromised image or video, he said. Beckstrom said one of his credit cards was compromised recently and his bank hadn’t told him how it happened, but he guessed that someone had broken into a computer system that stored his data.
“My gut sense is that overall” the increase in gTLDs will increase security, Beckstrom said. Applicants for new domains will have to sign a formal contract and agree to security standards, such as the DNS Security Extensions and IPv6, that previous operators could ignore, he said. “We can’t dictate or develop security standards” for the 240 country-code TLD operators, because of “sovereignty” issues -- but ICANN can apply “quality control” to new operators. “We're not going to approve any applications of typosquatting parties,” and ICANN will do extensive background checks on applicants and their histories in court, he said. Perhaps the biggest result so far is that businesses are increasingly involved in ICANN discussions, which is a good thing, Beckstrom said.
The rollout of internationalized domain names (IDNs) will bring security problems, but those come “with any new technology,” Beckstrom said. The domain names won’t do much to increase the presence of big global brands: ICANN’s testing has shown the biggest uptake is by small businesses and local organizations. It’s not a bad thing that “larger pockets of content” will be separated from the Latin-character Internet, he said. “From our standpoint as Westerners it might seem fragmented,” but IDNs will actually contribute to “Internet unity,” dissuading other governments from “forking the root” and developing their own Internet. Russia’s formal absence from ICANN has more to do with “subtle legal issues” that the parties are discussing, and China’s rejoining ICANN’s Governmental Advisory Committee during the summer was a “major development,” he said.
Beckstrom played down ICANN’s influence in any particular decision. “We have to be like Switzerland,” taking purely defensive measures to protect the Internet’s security and dealing even with hostile governments like North Korea’s. “Everyone has some presence on the Internet,” he said. “It’s a tricky game we have to play of staying in the middle.” Beckstrom said he left DHS months before joining ICANN because he missed his family in California. He didn’t mention that he had accused the National Security Agency of trying to “subjugate” his division (WID March 10 p7).