Re: [gnso-vi-feb10] "Not in your own TLD" = lipstick on a pig

[Volker Greimann <vgreimann@xxxxxxxxxxxxxxx>]

 Hi Jothan,

> All said, I have been pretty consistent about expressing that a 'Not
> in your own TLD' will be problematic.
I am not happy either with the "not in your TLD"-rule for the opposite 
reason, but it is a rule I can live with. Ideally, no such restriction 
will be required.
I disagree with your view that such a rule will necessarily be window 
dressing. Effectively, it will come down to compliance enforcement. Any 
policy we suggest will have to be enforced eventually. An unenforced 
policy or a rule without policy  _would_ be window dressing.
You make valid points on how this rule may be circumvented, all of which 
could however be excluded in the final ICANN agreements, resulting in 
stiff penalties for violations. Any rule we set up, would necessarily 
have to be "clothed" in contractual language to that effect.
> As I look at some of the stated harms that could occur if a registrar
> becomes a registry, it seems to me almost all of them can still occur
> in the presence of a rule  to prevent the registrar from 'selling' its
> own TLD:
I still hold the opinion that each and every one of these harms can just 
as easily occur with full vertical seperation. A registry may simply 
conspire with an independant registrar to abuse their combined power in 
a 100% identical manner, sharing the profits between them. The solution 
to address the harms therefore cannot be not vertical seperation, but 
policy building, defining possible harms and addressing them with 
sensible precautions.
> By way of example, let's say registrar 'A' operates the registry for
> .WEB and registrar 'B' operates the registry for .INC.  Here are just
> a few examples how harms could occur even though the cross owned
> registrar  does not sell the TLD:
>
> a)    Registries often have play trusted role as a 'judge' between
> conflicting registrars.  The registry often is in the position to be
> the fail-safe point for registrar bad actions.
Interesting point. In my experience most gTLD registries currently take 
a hands-off approach regarding conflicts between registrants and 
registrars, i.e. letting parties work it out between themselves 
according to ICANN policies. I agree, registries can take up that role, 
but effectively, I have not seen them do so.
>   'A' would ALWAYS decide .WEB TDRPs in favor of 'B' and 'B' would
> ALWAYS decide .INC TDRPs in favor of 'A'.
You are assuming registrars and registries operate outside the scope of 
the law. Any decision taken by a registrar can be contested in court if 
the decision is found to be injust by the registrant.I have a hard time 
seeing your example become reality, and even in the case it did, 
registrants or other registrars would always have possible recourse via 
ICANN compliance and the law.
> b)    A similar issue might emerge within handling of UDRP/ URS.
>
> 'A' and 'B' COULD conceivably agree to a reciprocal deal in which they
> thwarted UDRP judgments in each others TLD (for example -  via the
> geographic location of an owned registrar  as described in first
> reference posting above).
Actually, from what I heard from WIPO, there seems to be registrars 
doing that all on their own already. No vertical integration necessary 
for that harm. Anyway, a patter would soon develop that could be tracked 
by the UDRP service providers and then brought to ICANN in form of an 
investigation request. It is evident to the UDRP providers if a 
registrar subverts their decision, as the winning party will likely 
complain resulting in compliance action.
> c)    Non-discriminatory treatment of registrars can and has be
> thwarted by discrete reciprocal marketing deals - e.g. 'A' gives 'B' a
> preferential deal on .WEB names if 'B' gives 'A' a preferential deal
> on .INC names.
>
> It can also be thwarted by registrars concealing their ownership of
> resellers in that TLD - e.g.  it will be extremely difficult, if not
> impossible, to detect that registrar A owns resellers of .WEB names.
Such deals would be direct violations of the equal access provisions and 
dealt with accordingly. I admit, such deals may be hard to follow up on, 
but the same case would exists when a registry would offer such favored 
conditions to a vertically seperated registrar for special consideration.
Your second point could also be used to violate any co-ownership 
limitations, i.e. a registrar concealing their ownership of a registry. 
It would therefore be _just as "difficult, if not impossible, to detect 
that registrar A owns" the registry "of .WEB names"_. Taking the essence 
of your argument at face value, is it not also an argument that the 15% 
limitation proposed "on the RACK" is also just window-dressing?
You are assuming an almost criminal intent to violate the a provision, 
which should in my view immediately lead to the deaccreditation or 
suspension of the registrar. Any provision can be circumvented and the 
rules need to reflect that and have checks and penalties in place to 
react properly.
> d)    Tasting/ Front Running -   As it sees all check commands in
> .WEB,  registrar 'A' can taste or front run this second level string
> in other TLDs (on the premise that a registrant who is interested in
> the string in .WEB might also be interested in the string in other
> TLDs).
The registry intent on violating their obligations may just as likely 
sell the same data to interested registrars, resellers of registrars, 
domainers, anyone really, for a kickback on the profits. Why is this an 
argument against VI or "not in your own TLD"? Any registrar interested 
in the long haul will not act this way as it will come out eventually, 
and it will lose them their credibility with its customer base, not to 
speak of the contractual penalties such behavior should evoke.
> Beyond these, I think it is possible to go through nearly every harm
> we will list in the 'harms' documents, and narrate a reasonable or
> existing scenario that shows a 'not in my TLD' exception does not
> serve to mitigate the harm.
Likewise I can go through each and every harm on the list and show you 
how it is just as possible, just as likely to happen with full 
separation in place.
> I understand some of these harms can also
> be caused by contractual relationships,  rather than by cross
> ownership.
Exactly.
> There is an order of magnitude greater likelihood the harms will occur
> from bad actors in a fully cross-owned environment where control
> between registry and registrar is absolute (and not simply by
> contract).    If one owns an asset, one inevitably has more control
> over how it is used.  One would also have greater control over how
> transparent or opaque its activities are to other parties.  I am not
> suggesting that any actors who support 100% cross ownership are
> proposing anything in order to game a system nor that such an
> ownership is completely problematic.
I do not agree with this statement. The likelyhood does not increase or 
decrease with vertical integration. It may be slightly easier to set up 
with a vertically integrated registrar, but in the end the possibilities 
for abuse are the same. I am not suggesting that any actors who support 
100% or 85% separation without any further controls are proposing 
anything in order to game a system, of course.
> My point is that 'not in your own TLD' is essentially the same pig,
> but with lipstick on.
The same however can be said for any other proposal, from the board 
decision of no separation via the 15% ownership limit of RACK. Once we 
accept the fact that the only difference between vertical integration 
and separation is the likelyhood of abuse, every suggestion becomes 
lipstick on a pig if it does not address the harms and proposes a 
general rule.
From the start of this WG, Key-Systems has favored an open approach 
allowing full 100% integration, as such an approach will force all to 
contribute to building the rules to prevent the abuse, make it harder, 
and punish the abusers, instead of reducing the likelyhood from, say 25% 
to 20%. Simply reducing the likelyhood by a few percentage points will 
be insufficient.
We have learned in the realm of ccTLDs that VI is not only possible, but 
often in the best interest of the consumer. .de domains just as .at 
domains are not deleted when they expire, they go to the fully 
integrated registrar instead, allowing the registrant one further 
opportunity to recover their domain. In fact, the more open a registry 
was in any respect, the more successfull the TLD has become.
> The IPC, I think said it well here --   (...)
The IPC, with all due respect cares nothing for the well and being of 
new TLDs. They are interested in the IPC and its members. The more 
restrictive the policy, the better for them. Even better would be no new 
gTLD as many IPC members are on record of demanding for a long time.
The IPC model basically states: "We want something for ourselves which 
no one else can have. Others cannot be trusted with vertical 
integration, but we - as brand owners - can, because no brand owner 
would ever think of abusing their customers or the general public."
>   PIR also said it well  - "The proposed experiments in the Report do
> take account of the risks of self-dealing by registrars that own
> registries. The Report attempts to deal with these by proposing to
> prohibit registrars from offering registrations in a registry that it
> owns. This would be totally ineffective; there are now almost 900
> ICANN accredited registrars.The identities of the real parties with
> interests in most of them are not public information. It would be all
> too easy for (the owners of) registrars to create new shell registrars
> to evade this prohibition by monopolizing or restricting access to
> registrations in the registry owned by the original registrar. The end
> result would be a severe negative impact on competition among
> registries and among registrars.
Their comment however forgets that the same possibility exists for 
registrars or registries violating any ownership limitation. A nominally 
fully vertically separated registry (or registrar) may just as well set 
up a set of shell companies "to evade this possiblility by monopolizing 
or restricting access to registrations in the registry". Is their 
conclusion therefore that we should have no new gTLDs? No, they just use 
the basic argument for part of the point it really makes.
With an open approach on the other hand, there would be no incentive to 
hide your affiliation, no need to hide your ownership.
> As we assess the various harms I believe we need to be aware that the
> 'as long as its not in my own TLD' exception will not really mitigate
> any of the harms but rather has the potential to spawn a myriad of
> complex and opaque back room deals to route around them.
The same goes for any form of vertical separation, of course.
> I remain convinced that it is a bad idea to place a 'not in your own
> TLD' restriction in place in the presence of any % of ownership (and
> I am not suggesting opposition to any % of ownership - just a silly
> rule) that the board in its wisdom would grant in the final
> applicant guidebook this year.
Concluding, I fully agree that any % of ownership limitation is a silly 
rule given the opportunities to circumvent or obfuscate it.
Best regards,

Volker