Home / Blogs

The Netizen’s Guide to Reboot the Root (Part II)

Rampant dysfunction currently plagues the Internet’s root zone where a predatory monopolist has captured ICANN and is bullying stakeholders. This harms the public interest and must be addressed—here’s how.

Introduction: Why the Internet Needs Saving Now

The first part of this series explained how Amendment 35 to the NTIA-Verisign cooperative agreement is highly offensive to the public interest. But the reasons for saving the Internet are more fundamental to Western interests than a bad deal made under highly questionable circumstances.

One of the world’s foremost experts on conducting censorship at scale, the Chinese Communist Party’s experience with the Great Firewall—which requires censorship checkpoints at each physical place where data flows across China’s national border—has offered object lessons to all would-be tyrants that inefficient censorship is unideal and easily circumvented with readily-available software tools. It would be foolish to believe that China and others aren’t looking at ways of improving the efficiency and efficacy of censorship—including by looking further up the Internet “stack.”

The Internet is the global communications medium but, as a distributed network of networks that is designed to be massively redundant and where participation is entirely voluntary, there is no single point of failure and, consequently, no single choke point for controlling content with censorship. The next best thing, however, is a centralized domain name registry that offers the ability to not just block undesirable content, but to make it cease to exist.. This would make circumvention a moot point by leaving nothing to be accessed by getting around content blocking.

Doubters should consider Amendment 35 to the .com cooperative agreement where, amidst a terribly awful deal, the Commerce Department insisted that .com remain content-neutral. This clearly recognizes the threat of registry-level interference with content. Some engineers and others argue that users can point somewhere else if censorship becomes an issue. But this is a mackerel in moonlight that both shines and stinks at the same time. This is because, while technically true, the reality is that changing a single domain name is an extremely rare occurrence because of the massive effort and expense required to change habits, programming, and learned behaviors.

Just consider the recent history of over a thousand new top-level extensions and non-ASCII Internationalized Domain Names IDNs—such as Cyrillic, Hebrew, and Hangul scripts—which have required a significant Universal Acceptance effort that is still ongoing. Only in an ivory tower would changing a major domain name registry or the entire DNS be thought of as feasible. Even more alarming is to consider whether we would even know that such a change had become necessary.

It may be that we have already witnessed a major attempt to take control of a populous and popular legacy registry: Ethos Capital’s attempt to buy control of the .org registry from the Internet Society (ISOC) in a closed-door transaction worth more than a billion dollars. Even at this lofty sum, .org wasn’t being sold to the highest bidder—rather, it was being sold to whomever ISOC felt like selling it to. The transaction failed when ICANN’s board unexpectedly declined to approve the change of control that is required by the .org registry agreement. Several former senior ICANN executives were involved in the transaction—including ex-CEO Fadi Chehade who was presented a consultant to the deal but, it later was revealed, is actually co-CEO of Ethos Capital. Meanwhile, the sources of funding for the acquisition—nearly a billion dollars—remain shrouded in mystery.

With that in mind, let’s get to the second part of saving the Internet in three simple steps.

Ctrl-X: Delete Presumptive Renewal From Registry Agreements

In addition to addressing the terribly awful Amendment 35, the U.S. government also must step in and do what ICANN cannot do for itself since becoming neutered by terms of a 2006 settlement agreement that ended litigation with Verisign. This agreement established Verisign as the de facto .com registry operator in perpetuity in exchange for a pittance paid to ICANN. This may be the first lopsided quid pro quo between ICANN and Verisign—the original sin, perhaps—although any casual observer knows that it wasn’t the last.

Following this 2006 settlement, ICANN became unable to counterbalance its contracted parties effectively. This became even more, the case after presumptive renewal became a standard feature of DNS registries and included in every registry agreement. Without the threat of Armageddon—namely, termination of rights to operate a registry—there is no meaningful oversight and a legitimacy gap has formed in the cavity left by the resulting accountability vacuum and which is poisoning everything.

Consider that presumptive renewal is usually seen with utilities, and the rationale is straightforward: a utility company is granted a monopoly in exchange for active government regulation, particularly on pricing; a utility makes large infrastructure investments in exchange for the assurances provided by presumptive renewal. However, this equation doesn’t work without active regulatory oversight, and the whole edifice becomes rotten when infrastructure investment isn’t ongoing but, as Klaus Stoll recently reminded readers of Capitol Forum, was amortized and depreciated long ago.

It is worth noting that governance integrity often deteriorates slowly as most people operate by established rules from habit, and it takes time for the mice to catch on that the cat’s away. Also, these mice aren’t stupid, and they know their interests aren’t served by drawing attention to the anti-competitive bacchanal of profiteering that is occurring in the absence of appropriate oversight. Then, factor in that the root is arcane and technical, that there were no known operational failures, and that many are complicit by obscuring deliberately what has been going on, and that’s how time flies to 2021, fifteen years after ICANN became a eunuch when everything seems broken, and everybody is pissed off, but nobody knows how to fix the problem—or maybe even why they’re pissed off in the first place.

The U.S. government should incubate a renewal of governance legitimacy by asking a federal judge to find that presumptive renewal is inherently anti-competitive and that such language should be removed from registry agreements. Precedent for this is found in a 2010 ruling by the 9th Circuit of the U.S. Court of Appeals, in CFIT v. Verisign, which found that the .com registry agreement’s presumptive renewal combined with the power to increase prices by up to 7% in four out of every six years plausibly indicates an anti-competitive conspiracy.

ICANN has repeatedly taken the position recently that it is not a price regulator. This is just about the biggest load of baloney and completely contradicts the premises under which ICANN was formed and the expectations that were set by the U.S. government and others as to the oversight role that “NewCo” was supposed to play in the DNS. ICANN’s position has nothing to do with benefitting the public interest and everything to do with the reality that it is an organizational eunuch that overlooks its oversight responsibilities because presumptive renewal leaves it without any real enforcement mechanism. In short, it is cowed by fear of further predatory litigation by Verisign and, by seeking to avoid it, hangs the public interest out to dry.

No bueno.

There is an argument to be made that non-legacy registries face significantly more competitive operating environments and, as such, should maintain presumptive renewal in their agreements with ICANN. This author takes no position either for or against such an eventuality. However, the current presumptive renewal that is in all registry agreements is indelibly tainted by the circumstances in which Verisign and ICANN settled litigation in 2006. For presumptive renewal to have any legitimacy moving forward, it must be the product of deliberate community policy development following a judicial ruling that finds presumptive renewal combined with pricing power to be inherently anti-competitive and voids it from registry agreements.

It should be noted that one or more private parties can attempt to accomplish this by pursuing legal action against Verisign and ICANN—as noted earlier, it has been done before in CFIT v. Verisign. Significantly, a private party class-action lawsuit can seek to be awarded monetary damages. The Internet Commerce Association has estimated that registrants overpay for .com domain names by $1 billion every year. Since antitrust laws allow for awarding up to four years of damages trebled, a quick non-legal, back-of-the-envelope calculation reveals that a private party class-action lawsuit on behalf of all .com registrants might potentially seek damages somewhere in the neighborhood of $12 billion.

U.S. Senator Everett Dirksen is rumored to have once said, “a billion here, a billion there, sooner or later you’re talking about real money”—perhaps the germane question is: will the next CFIT please stand up?

However, the downside of a private party suit is that potential litigants will do as CFIT did when they brought an antitrust suit a decade ago—settle and leave the job unfinished. This would be dangerous, and the root zone of the global Internet is too important to be left to the vagaries of private party class-action litigation. The U.S. government bears the responsibility for renewing root zone governance because it originated the Internet, installed the system of governance, indulged it, and ignored it, before unleashing the resulting warped monstrosity into an unsuspecting world after Fadi flew in on his magic carpet and cooked up some NetMundial nonsense in Brazil with now-disgraced Dilma.

Contrary to a recent commenter, who wrote, “if it ain’t broke don’t fix it,” more appropriate here is the old saying, “you break it, you buy it.” While the U.S. Government didn’t necessarily break DNS governance, per se, it more than any other set the circumstances in which the dysfunction persists. It should act to fix the mess by hitting Ctrl-X and removing presumptive renewal from the root—Internet freedom may very well hang in the balance.

Stay tuned for the third simple step for saving the Internet—Ctrl-O: Open the Internet’s Largest Registry to Market Competition. Also, be on the lookout for a post uncovering mysterious events from this past September that involved inexplicable and wild pricing adjustments, disappearing domain name registrations, and altered WHOIS records—all related to .com transliterated IDNs. For a sneak peek, check out Z.??? at 101domains.com—the full story is coming up next!

By Greg Thomas, Founder of DNSDecrypt

Greg Thomas is founder of DNSDecrypt and author of How to Save the Internet in Three Simple Steps: The Netizen’s Guide to Reboot the Root. The views expressed in this article are solely those of Greg Thomas and and are not made on behalf of or for any other individual or organization.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign


Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC