Our response offers general comments on the proposals set out in the consultation document, rather than addressing the consultation questions specifically.
We understand the interest in improving security online, and the consequent benefits for the confidence people have in online encounters.
However, we do not believe that the proposed solution fits the problem. It is unclear that a .uk domain is the answer to the problems identified in the consultation document. We believe there are better ways to address a need to improve security and consequently help boost the confidence people have in online transactions.
Further, we see a number of problems with the .uk domain proposals:
- The creation of a 'walled garden' that would undermine confidence in the rest of the UK domain space including .co.uk
- The imposition of additional cost burdens on website operators, which are likely to be particularly significant for SMEs
- The positioning of Nominet in an inappropriate role, by setting them up as arbiters of trust online and giving them additional and somewhat unchecked powers. This would effectively create for Nominet a monopoly over 'trust' and security in the UK domain space.
These proposals involve exploiting Nominet's position to create from nothing new online 'real estate'. The proposed powers and security offerings would enable Nominet to create a trusted gated community with that real estate (or at least the perception of such), thus inflating its value in relation to other domains. This would be something of a commercial coup for Nominet and registrars. They would be the primary winners from the proposals.
We support Nominet being a registry, rather than a police force. That is to say, a role for Nominet in which they support the 'general' implementation of DNSSEC, but not an extension of their role via these .uk proposals into being an arbiter of 'trust'.
- What is the problem?
We would like to see more evidence of the problem that these proposals are designed to address.
For example, evidence of the levels of consumer trust in online services, how this has changed over time and the causes of any change. At the moment, it is not clear that there is a compelling case for a .uk service – or more specifically, for a belief that a .uk service is the right answer to the problems with security and trust online.
- Malware monitoring, DNSSEC and a 'trustmark'
The proposals for Nominet-managed security services for .uk sites put Nominet in an inappropriate position, giving them additional and unchecked authority and setting them up as an arbiter or trustworthyness online.
Further more, these proposals do not require a .uk domain to implement. It would be, of course, quite possible to offer services to establish, for example, whether a company is registered in the UK, without the need for a .uk domain.
- Walled gardens and Nominet's role
Through these proposals we are concerned that Nominet would effectively be using their position to create a 'walled garden' that will inevitably seriously undermine other domain space such as.co.uk, and could undermine the market for online security services.
This 'walled garden' would be problematic precisely because of the role Nominet enjoys and the additional powers and services it is proposing. Given the status of trusted authority and security provider to which Nominet aspires, some consumers may reasonably conclude that only services with a .uk domain are trustworthy.
That would damage the perception of those websites who choose not to take up the service. We are concerned this would effectively see website operators held to ransom and pressured into operate through a .uk domain. It could also effectively create a sort of monopoly over trust and security online.
We would instead encourage more work helping promote security solutions more generally, such as working towards the broader adoption of DNSSEC. As noted above, neither improvements in security or the development of a 'trustmark' require the creation of a .uk service.
Nominet's should be a role of minimal centralisation. There would be an inevitable ghettoisation of the 'UK' Internet if Nominet combine domain administration with bespoke online security.