Opposed to proposed .net renewal agreement with VeriSign

[George Kirikos <gkirikos@xxxxxxxxx>]

Comments on: Proposal for Renewal of the .NET Registry Agreement
Date: May 9, 2011
By: George Kirikos
Company: Leap of Faith Financial Services Inc.
Website: www.leap.com

ICANN has posted a proposed draft renewal agreement for the operation of the 
.NET registry agreement. We oppose that renewal. In particular, that renewal 
continues to be anti-competitive and therefore does not serve the public 
interest.

(1) ICANN signed an Affirmation of Commitments which states:

http://www.icann.org/en/announcements/announcement-30sep09-en.htm

"4. ... To ensure that its decisions are in the public interest, and not just 
the interests of a particular set of stakeholders, ICANN commits to perform and 
publish analyses of the positive and negative effects of its decisions on the 
public, including any financial impact on the public, and the positive or 
negative impact (if any) on the systemic security, stability and resiliency of 
the DNS."

ICANN has not published any analysis of the financial impact of 10% annual 
increases in the wholesale cost of domain name registrations on the public, nor 
has it offered any analysis of the financial impact of continued increases. It 
has not published what the savings would be to the public if the contract was 
instead put to a competitive tender, like most procurement contracts. In a word 
where technology costs have been decreasing, domain name prices stand out as an 
area where consumers are being gouged due to bad decisions by ICANN.

NTIA has agreed with this analysis. In particular, in 2008 the following 
letters were sent to ICANN:

http://www.ntia.doc.gov/comments/2008/ICANN_081218.pdf


Page 7 of the second letter states:

"Finally, ICANN should require competitive bidding for renewal of a gTLD 
registry agreement, rather than granting the incumbent operator a perpetual 
right to renew without competitition........Indeed, competitive bidding has 
resulted in lower domain prices and higher operating specifications than what 
ICANN has achieve through non-competitive negotiations."

It does not hurt ICANN in any way to put out a Request for Proposals from other 
prospective registry operators, to see what other options exist, and in 
particular what prices could be offered that would benefit consumers. We 
believe that savings would be immense, at least 50% lower than existing fees 
charged by VeriSign to registrars. As the registrar market is highly 
competitive, we believe that 100% of the cost savings at the wholesale level 
would be passed on to consumers in terms of lower pricing.

(2) ICANN's staff and board might argue that their hands are tied, due to past 
agreements with VeriSign guaranteeing presumptive renewal. We do not believe 
this to be the case, for the following reasons:

(a) the current contracts are being challenged on anti-trust grounds by CFIT, 
and might not survive judicial review;
(b) it is incumbent upon the Board to seek out their own advice from multiple 
law firms and the US government (DoJ anti-trust department) as to whether the 
existing contracts are illegal; in particular, multiple law firms need to be 
consulted, to ensure that there are no conflicts of interest with law firms who 
have represented VeriSign in the past.
(c) ICANN should set aside that particular term in the existing agreement, and 
allow VeriSign to be the one to challenge it in court. Show some leadership, 
rather than following the failures of past ICANN staff and boards.

(3) There is a way for ICANN to remove itself from the situation with VeriSign 
completely, namely elimination of the external .NET management outsourcing 
function in its entirety, with the function instead being managed wholly by 
ICANN itself. There are two precedents in ICANN running a registry function, in 
particular (i) the root zone itself and (ii) the .INT registry.

It is our opinion that the "presumptive renewal" in existing contracts 
(including .COM, by the way) only applies *if* ICANN decided to outsource the 
management of the TLD. ICANN has a choice. Nothing compels it to outsource that 
function. The contract only says that *if* the function is outsourced, then 
VeriSign must be able to renew. In the event that ICANN decides to internalize 
the function, it is not bound by presumptive renewal, since that external 
function no longer exists. Can ICANN manage the .NET function itself? 
Certainly, as there are open source implementations of registry software, such 
as CoCCA:

http://www.coccaregistry.net/


and furthermore the actual operation of a registry is fairly well understood to 
not be "hard" technically. It's simply a real-time database, and not a big one 
at that (10 million records is pretty small, compared to other databases).

ICANN can also "break" the presumptive renewal by deconstructing the existing 
contract into 2 brand new separate contracts:

(a) a contract for management of the .NET database of names (i.e. creation of 
names, renewals, transfers, etc.), and 
(b) a separate contract for *resolution* of the zone file (i.e. servers around 
the world handling the DNS requests for the .NET zone)

Clearly, ICANN is already familiar with this method of having multiple 
contracts, because that is how the root zone itself is handled. ICANN handles 
"a", and "b" is handled by the root server operators. There is no reason why 
there couldn't be multiple parties to the "b" contract (e.g. Afilias, Neustar, 
etc.) for greater redundancy, security and stability, which would be an 
improvement on the status quo. Regular competitive tenders could be held for 
each of these new contracts, without presumptive renewal, which would lead to 
lower prices and superior service.

(4) We oppose suggestions by some parties in the community who have proposed 
stuffing the URS and other *policies* into the .NET renewal. In particular, any 
and all such policies need to go through the GNSO first. By simply putting 
these into the .NET agreement without public review, it circumvents and 
disempowers the important system of "checks and balances" that the GNSO 
represents. The URS is a ghastly proposal that is untested, and also has no 
respect for the due process rights of registrants. While such a system might 
have value in toy registries in the new TLD process, it has no place in 
production registries like .NET or .COM, where domain name registrants are 
running mission critical sites on their domain names.

(5) We oppose the use of traffic data by VeriSign, or other registry operators.

(6) We oppose section 7.1.(b) proposing that VeriSign be permitted to run 
"special programs" for registrars. As the public has seen over and over again, 
these kinds of discriminatory practices lead to gaming. If VeriSign was to 
create a special price plan for registrars in India or China, for example, 
those who wish to "game" the promotion would have little difficulty in setting 
up registrars in those jurisdictions to exploit those offerings. Indeed, 
VeriSign would be able to favour certain companies, because there would be a 
time lag due to ICANN's approval process of new regisrars. Because geographies 
was not defined, it could even be pinpointed to certain states (Arkansas, 
Wyoming, Nevada) or even cities (Tokyo, Berlin), where "friends of VeriSign" 
were located. 

Furthermore, ultimately registries only have contracts with *registrars*. These 
registrars handle registrants from all over the world. A registrar in India or 
China can handle clients in Germany, Canada, US, and so on. This idea of 
"underserved geographies", then, will be exploited and gamed. If lower prices 
were targeted to certain regions, it is trivial for domain name registrants to 
lie about their location. WHOIS is unverified (despite our repeated proposals 
that ICANN institute Verified WHOIS). Furthermore, it is trivial for companies 
to setup "shell companies" to take advantage and exploit any discriminatory 
pricing practices that VeriSign or other registries announce.

In conclusion, the principle of equal treatment of registrars *must* be 
maintained. Otherwise, registry operators will be able to punish registrars 
that they do not like.

Just to give one example of the potential for this clause to be misused by 
VeriSign as a weapon, suppose I am the only registrar in Hamilton, Ontario, 
Canada. VeriSign could announce a "promotion" that was open to all registrars 
*excluding* those in Hamilton, Ontario, Canada! By the language in 7.1.(b) that 
kind of promotion would be acceptable! In particular it would pass test (i), 
since multiple registrars are located *outside* Hamilton, Ontario, Canada. It 
would also presumably pass test (ii), which is a relatively weak test.

Thus, the language itself in 7.1.(b) can be used to punish and put out of 
business registrars that VeriSign does not like. If I can find a loophole such 
as the above in just a few minutes of reading the contract, certainly others 
could find more loopholes.

(7) The .NET registry should implement Thick WHOIS, and WHOIS that is Verified 
(e.g. PIN codes mailed to registrants, before resolution of a domain name). 
Search for "kirikos Verified WHOIS" and there are many matches in Google, e.g.

http://forum.icann.org/lists/whois-accuracy-study/msg00003.html

http://www.thedomains.com/2010/03/17/is-verification-of-identity-going-to-become-a-requirement-to-own-a-domain/


If Revenue Canada, the IRS, PayPal and online casinos can do such identity 
validation, ICANN should explain why it cannot be done in the domain name 
system.

In conclusion, we reject the proposed .NET renewal agreement with VeriSign. The 
public deserves much better. If ICANN wants to truly serve the public interest, 
and its own desire for "growth", the solution is clear --- by terminating the 
outsourcing contract with VeriSign *and* taking the function in-house, it can 
see .NET prices be cut in half (or more), saving the public tens of millions of 
dollars annually. Assuming ICANN's staff parasitically captures some of those 
"savings", it would still leave the public better off than it is today and 
leave ICANN better off than it is today.

The only party who would be left worse off is VeriSign, an anticompetitive 
monopolist who should not be protected by ICANN's decisions.

Sincerely,

George Kirikos
President
Leap of Faith Financial Services Inc.
http://www.leap.com/