Twice in my professional career, I have been employed by VeriSign (2009-2010 and 2013-2016) in senior roles with direct responsibility for designing and coordinating execution of policy programs that supported the company’s continuing ability to manage core Internet infrastructure, including the .COM and .NET domain name registries.  Consequently, I’ve been helping to shape ICANN policy for over a decade and, though my participation has been most often in the background, I’ve had a unique opportunity to develop an informed perspective on the peculiar dynamics at the root of the DNS.

 

Far too often, ICANN and its stakeholders are twisted like pretzels by policy minutiae and process when the public interest would be better served by a sharper focus on big-picture matters of principle.  A principled approach to consideration of this Third Amendment to the .com Registry Agreement would accurately perceive this moment as a rare opportunity for stakeholders to evaluate both the tangible and intangible benefits – as well as the offsetting costs – to the public interest that accrue from VeriSign’s management of the Internet’s largest domain name registry. 

 

An honest and forthright performance review by stakeholders is critically important for many reasons, including the public interest imperative of accountability and transparency, and it must recognize and acknowledge that ICANN is unavoidably conflicted in matters involving its contracted parties.  The recently announced investigation by California’s Attorney General into the proposed sale of Public Interest Registry along with the lucrative concession rights to operate the .ORG registry should be seen as a sign that others are becoming aware of ICANN’s conflicts. 

 

This proposed Amendment further fans the flames by creating the widespread perception that ICANN has engaged in a quid pro quo by trading approval of .COM price increases for $20 million — a stain of self-dealing that no amount of security, stability, and resiliency (SSR) whitewashing can remove. 

 

This matter, like any involving ICANN and its largest ratepayer, is made especially grim because of an aggravated imbalance between the two organizations.  On one side there is a corporation with unlimited economic resources, a reputation for behaving as an entitled monopolist, and a proven track record of thin-skinned and aggressive tendencies, including an itchy trigger finger when it comes to the creative and anti-competitive use of legal counsel and the civil tort.  On the other side is a consensus-driven debating society for smart and talented people that is preternaturally broke. 

 

We know that this lopsided state of affairs didn’t spring forth fully formed like Athena from Zeus’ forehead — so how did this happen?

 

An admittedly non-legal theory is that the 2006 settlement agreement for litigation between ICANN and VeriSign is the means by which VeriSign obtained ICANN’s acquiescence for what is now called the “presumptive right of renewal.”  Infrastructure providers in other industries often rely on presumptive renewal that enable costly investment, but usually they are also regulated and called “utilities.”  Now featured in every registry agreement, this presumptive renewal is an anti-competitive contractual innovation which has had the practical effect of granting a perpetual concession, or de facto ownership and, as the saying goes, possession is 9/10 of the law.  

 

Maybe it wasn’t possible to predict how this would develop over 15 years, but it is possible to look back now and see that this effectively neutered ICANN as a credible regulator, sold the public interest down the river, and has created the dangerous dynamic where an insecure Goliath with unlimited financial resources and a martyr complex is alternating between bullying and buying as it seeks to preserve and prolong its concession. 

 

These issues have consequences that reverberate beyond the billions of dollars distributed by contracts managed by ICANN and, in fact, determine the integrity and legitimacy of private sector-led governance at the root of the Internet.  Considering the public concern about the power of technology companies such as Google, Facebook and others, stakeholders should ask themselves: if the Internet’s core is rotten, then what can be expected at the edge but bitter fruit? 

 

Distribution of Child Sex Abuse Materials in .COM

 

The distribution of child sexual abuse materials (CSAM) is reprehensible and indefensible.  The Internet Watch Foundation, a group combatting CSAM online, reported in 2017 that 59.5% of CSAM websites reside in the .com registry, including the top 5 sites on the Internet.  In 2018, a coalition of groups combatting CSAM online wrote to ex-NTIA Administrator David Redl and said:

 

Verisign is uniquely unforthcoming. We have regularly worked and had conversations with just about every Internet company you can think of and quite a few you are unlikely to know. Only Verisign has been so utterly uncommunicative. This is a very poor show and runs completely contrary to the spirit of multi-stakeholderism.

The letter continues in strong and unmistakable language:

To put the matter plainly, it is immoral for a business to attempt to deflect responsibility by arguing these matters are the sole provenance of law enforcement and courts. As the dominant Registry in the global system, Verisign should be taking a leadership position, adopting voluntary procedures to combat online child sexual abuse.

Now, two years later in 2020, ICANN has permitted the definition of DNS abuse contained in Amendment 3 – and which applies to the largest “territory” of the Internet – to exclude CSAM. 

 

Two questions ought to be answered before proceeding:

 

ICANN will allow a “sanctuary namespace” to persist for the distribution of materials depicting the sexual exploitation of children in exchange for four easy installation payments of $5 million each? 

 

How does this accrue “for benefit of the public interest”?

 

Verifying Operational Accuracy

 

Technical proficiency has often been pointed to as demonstrating excellence in registry operations, such as statements about twenty-plus years of operational accuracy for .com.  On August 19, 2019, a hosting service provider named InfinityFree experienced an outage that they described as being caused by “a bug in VeriSign” and further summarized the matter on their website:

 

It’s not normal that domain registrars, domain owners or hosting providers are able to cause changes to the domain names of other people registered with other companies.  So this is quite a severe issue with VeriSign.  And because of that, we are not able to fix this issue for you.

 

Statements made during VeriSign’s most recent quarterly earnings call referred to increasing investment in security that were mentioned with only vague explanations and an abbreviated response to a question from a financial analyst. 

 

There are any number of things that could have happened here, including the hosting provider being completely wrong.  But considering that VeriSign apportions 97% of its free cash flow to stock buybacks rather than infrastructure investment, isn’t the public interest best served by determining if there was a technical failure of the registry before permitting the registry operator to increase its 85% gross profit margin by giving itself a raise?

 

Conclusion

 

Evaluating the Third Amendment’s benefits to the public interest shouldn’t be restricted to merely compliance with the handful of technical SLAs in the registry agreement, but should seek to measure other contributions such as the registry operator’s conduct as a corporate citizen and how it apportions the revenues generated from operating a concession for the benefit of the public interest.  Care should be taken that the financial resources and market position enjoyed by the registry operator of .COM don’t become an impenetrable moat between the registry operator and the public interest it serves. 

Lastly, it may be possible to seek a ruling from a federal court that finds the presumptive right of renewal to be inherently anti-competitive and incompatible with industry self-regulation of the DNS.  Perhaps California’s Attorney General will expand his inquiry and come to the same conclusion. This presumptive renewal and the resulting sense of entitlement causes significant harm and it should be excised from the root.