Federal Domain Name Policy for .Gov Websites is Putting People at Risk

Michael Olenick of West Palm Beach, FL was so irritated with his experience on ‘fafsa.com’ that he created a petition in an effort to prompt an investigation into the website’s practices.

FAFSA, or the Dept. of Education’s “Free Application for Student Aid” has two legitimate websites ending in .gov and .ed.gov, but the .com address has allegedly been using predatory financial practices for years.

Olenick claims that the website has been misleading students applying for financial aid into paying $79.99 for a service that the government provides for free.

Fraud, deception, and other predatory practices are unfortunately prevalent on the Internet, but the practice of deceiving consumers with websites using government names is avoidable.

What is becoming clear is that the current domain name policy implemented by the federal government for .gov websites is creating some unintended consequences and could be directly related to encouraging bad behavior on the Internet.

How did the Digital Government Strategy affect .Gov Websites?

In 2012, the United States released its Digital Government Strategy, which outlines the steps being taken to improve the quality and efficiency of government services online.

As a part of this initiative the General Services Administration, the agency that is responsible for registering second level names under .gov, implemented the “no new domains” policy.

Under this policy, federal agencies can no longer obtain new second-level domains unless they are afforded an exception. This exception is typically done on the grounds of consolidating websites.

The policy also reinforced the standing registration rule that all government domains must use .gov and cannot use top-level domains such as .com and .net. Thus ensuring all agencies are .gov websites.

The federal government created this system of consolidation and standardization of federal government websites to deliver better digital services. Having a consistent, tightly controlled gTLD like .gov helps the federal government ensure authentic, accurate information is getting out to Internet users.

However, the “no new domains” policy, as well as the lack of a large public awareness campaign about .gov websites, has inadvertently fostered some problems for Internet users.

The Exploitation of .Gov Websites

The Internet is full of examples of websites that appear in some form or another to be official government sites, but aren’t.

If a veteran seeking assistance from the Department of Veterans Affairs (VA) mistakenly navigates to ‘va.org’, he or she will discover content that is as relevant as it is potentially misleading.

In another example, taxpayers may navigate to IRS.com and believe that they are on the official Internal Revenue Service website.

These sites appear to be related to the VA and the IRS but they exist to generate revenue and may be looking to take advantage of unsuspecting users.

The delegation of nearly 1,400 new generic TLDs currently underway will certainly create the potential for greater confusion. The U.S. government must be cognizant of the frequency at which these websites will emerge and the severity of the scams involved.

There are a variety of potential misuse cases, several of which are highlighted by these examples:

• CIA.agency
• EPA.careers
• IRS.claims
• SEC.email
• VA.services

Any of these domains could be linked with solicitation, extortion, or even fraud if they fall into the hands of nefarious actors.

A Path to Consumer Safety When it Comes to .Gov Websites

There is some good news. The government has already completed a sizeable amount of work in auditing the entire .gov websites portfolio.

The current number of registered names has been reduced by nearly 25% and every state, including the District of Columbia and nearly every U.S. territory has an operational .gov website.

This type of audit is a critical first step towards creating a domain name portfolio that reduces the potential for consumer harm when it pertains to .gov websites.

Taking into account that consumer behavior is difficult to predict, there are measures that can be taken to protect customers without compromising the work already underway:

1. Develop a public awareness campaign to educate customers. In the case of the U.S. government, the campaign would communicate that official federal government information is only found on .gov websites
2. Consider cleaning up the Internet by obtaining websites in other top-level domains, such as .com, that are directly related to government agencies and programs, but are misleading customers
3. Register agency trademarks with the Trademark Clearing House and participate in sunrise and land rush periods during the launch of new generic TLDs

As the Internet continues to expand at an unprecedented rate it is in everyone’s best interest for federal agencies to control as many relevant points of entry as possible on the web.