Home / Blogs

Did ICANN Over Regulate VeriSign?

CircleID recently interviewed Jonathan Weinberg, Professor of Law at Wayne State University to discuss legal and regulatory issues that have been raised against Internet Corporation For Assigned Names and Numbers (ICANN). VeriSign, the registry operator of the two most popular top-level domains .com and .net, filed a lawsuit against ICANN on February 26, 2004 complaining that the Internet regulatory body has extended “its authority beyond the scope of its contracts”. Did ICANN cross its contractual boundaries? To what extent does ICANN’s contract limit its technical coordination functions and how much of a threat does VeriSign’s lawsuit impose? Jonathan Weinberg explains.

CircleID: VeriSign’s lawsuit filed against ICANN last month has brought a number issues into the spotlight. Of course, at the forefront, we have the heated controversies concerning VeriSign’s plans for offering profitable registry services, such as Site Finder and WLS. And fundamentally, the regulatory power of ICANN and its internal decision-making process are once again strongly questioned. VeriSign’s VP of government relations, Tom Galvin, has been quoted saying:

“The heart of this is a contract dispute. ICANN has been attempting to extend its authority beyond the scope of its contracts.”

Is ICANN surpassing the boundaries of its contract with VeriSign? In other words, is ICANN over regulating?

Jonathan Weinberg: ICANN came into existence with unclear authority and shaky legitimacy. Network Solutions Inc. [NSI Background] declined to recognize that authority; it held the COM, NET, and ORG registries for ransom, noisily (and incorrectly) asserting that it had the legal right to operate them in perpetuity without regard to anyone else’s wishes. Because the US government’s own authority over the DNS was murky, there was no good way to resolve that mess until finally, in November 1999, all three parties (ICANN, NSI, and the US government) got together and cut a deal. In return for ICANN’s preservation of lucrative NSI monopolies, NSI agreed to recognize ICANN’s authority to a limited degree, and ICANN and NSI signed a contract that purported to define ICANN’s authority precisely. The current version of that contract was signed in May 2001. So we’re in the odd position that the scope of ICANN’s authority over VeriSign—a question crucial to the management of the DNS, whose answer one might have thought was found in some statute or treaty or IETF document—instead depends, legally, on the wording of the contract embodying the 1999 ICANN-NSI deal, as updated in 2001.

Throughout the history of the ICANN-NSI relationship, it’s often been hard to tell which of the two was the worse boogeyman. My friend and colleague Michael Froomkin believes that ICANN continues to be by far the more threatening. But it seems to me right now that we need some effective institutional mechanism to protect the DNS from an aggressively for-profit VeriSign seeking to monetize its control of the largest registries. For all of ICANN’s flaws—and they are many and worrisome—it may be better suited than any other institution to carry out that role.

CircleID: In its recent lawsuit against ICANN, VeriSign has stated:

“This brazen attempt by ICANN to assume “regulatory power” over VeriSign’s business is a serious abuse of ICANN’s technical coordination function, a blatant breach of the registry agreement, and an interference with VeriSign’s contractual relations and prospective economic relationships.”

Obviously VeriSign believes that ICANN’s technical coordination responsibilites do not include regulating its business decisions regarding the commercialization of the .com/.net registry. In your opinion, what kind of “regulatory power” should ICANN be given?

Jonathan Weinberg: Going back again to ICANN’s creation: We set out on the long road leading to ICANN-land because of the negative effects of NSI’s monopoly. ICANN was tasked with breaking down that monopoly. It was to introduce competitive registrars to COM/NET/ORG, and it was to authorize new gTLDs. ICANN did fine with the first task, but it messed up the second. That other unsponsored gTLD registries today are so few and so unsuccessful has allowed VeriSign’s continued market dominance. The consuming irony here is that ICANN’s failure to enable competition to VeriSign means that we still need someone to ride herd on VeriSign, and ICANN’s who we’ve got.

CircleID: Whether the proposed services such as Site Finder and WLS are good or evil, it appears that legitimacy of such services (and their eventual existence) boils down to the terms and conditions stated in the contractual agreement between ICANN and the Top-Level Domain (TLD) registry, in this case VeriSign. There also appears to be some disagreements on what classifies a service as “Registry Service”. Can you share with us your understanding of this conflict and whether VeriSign’s “Registry Services” are indeed in violation of its contract with ICANN?

Jonathan Weinberg: The key contractual language implicated by the power struggle between ICANN and VeriSign provides that VeriSign may not provide any new “registry service,” for a fee, without negotiating an amendment to the contract. This means that VeriSign is free to take a new action or to implement a change to the operation of the registry only if the action is not the offering of a new “registry service” for a fee, and doesn’t violate any other provision of the contract. How can we tell whether an action amounts to offering a new “registry service”? Well, the contract does contain a definition. It says:

“‘Registry Services’ means services provided as an integral part of the Registry TLD, including all subdomains. These services include: receipt of data concerning registrations of domain names and nameservers from registrars; provision to registrars of status information relating to the Registry TLD zone servers, dissemination of TLD zone files, operation of the Registry zone servers, dissemination of contact and other information concerning domain name and nameserver registrations in the Registry TLD, and such other services required by ICANN through the establishment of Consensus Policies…”

VeriSign argues that this language limits “registry services” to the particular activities listed in the definition. ICANN argues that the activities listed in the definition are just examples, and that the reference to “services provided as an integral part of the Registry TLD” means that the category should include any service (like, say, WLS) that the registry operator, by virtue of the fact that it operates the registry, is able to provide on a monopoly basis. Who’s right? If this case goes to trial, a judge will decide.

CircleID: The following statement has been made by VeriSign in its filed complaint against ICANN:

“The foregoing course of conduct places VeriSign at a competitive disadvantage in comparison to other gTLDs under contract with ICANN that have been allowed to offer and market similar, competitive services without the same restrictions, delays, and impediments that ICANN has placed on VeriSign. This conducts as a breach of ICANN’s obligations under the 2001 .com Registry Agreement…”

How damaging is this to ICANN? Should they be concerned?

Jonathan Weinberg: The contract obligates ICANN to “not apply standards, policies, procedures or practices arbitrarily, unjustifiably, or inequitably and not single out Registry Operator for disparate treatment unless justified by substantial and reasonable cause.” But I don’t think this is especially powerful for VeriSign. True, VeriSign can point to the fact that ICANN has allowed registry-level wildcards in MUSEUM, but not in COM and NET. But it’s not difficult to identify reasons why wildcards are more problematic than in COM than in MUSEUM—and in any event, it’ll be tough for VeriSign to argue with a straight face that it’s been competitively damaged by losing registrations or search traffic to the minuscule MUSEUM domain. Fact is, all of the new gTLDs have ample reason to complain about ICANN’s processes; VeriSign hasn’t been singled out for persecution.

CircleID: The ICANN-VeriSign contract, according to the terms of the Registry Agreement, expires on November 10, 2007. Any predictions on what may happen to the .com/.net registry management come 2007?

Jonathan Weinberg: The contract was carefully drafted to provide VeriSign with near-perpetual control of the registries. It provides that ICANN must renew unless [1] VeriSign is in material breach of its contractual obligations; [2] ICANN reasonably determines that VeriSign, as registry operator, “has not provided and will not provide a substantial service to the Internet community”; [3] VeriSign is “not qualified” to serve as registry operator during the renewal term; or [4] VeriSign plans to charge consumers an unreasonable fee for registrations once its contract is renewed. ICANN knows that VeriSign will litigate if ICANN shows any sign of declining to renew; as a practical matter, the only argument that would be available to ICANN in 2007 would be that VeriSign is in material breach of its contractual obligations. But what are VeriSign’s contractual obligations? That’s exactly what this litigation should resolve. If VeriSign wins this lawsuit, then plainly ICANN will have no legal basis on which to decline to renew the contract; and if the two parties settle, then VeriSign’s post-2007 control over the COM and NET registries will likely be a term of the settlement. Only if ICANN wins this lawsuit decisively is there any possibility that it would seek to remove VeriSign in 2007—but even then its argument that VeriSign is in material breach will be weak (VeriSign will point out that it chose to litigate instead of disobeying ICANN), and ICANN will likely conclude that the battle will be more trouble than removing VeriSign would be worth.

CircleID: Going back to ICANN’s internal-decision making process, VeriSign’s Association for Competitive Technology (ACT) President Jonathan Zuck has been quoted saying:

“ICANN has become a black hole. Proposals for innovation go in and nothing comes out. Services that could benefit millions of Internet users such as internationalised domain names, wait listing and the consolidation of domain name renewals have been bogged down for over two years within the ICANN bureaucracy. While the need for thorough review of new technologies is critical, the process cannot be a black hole from which no innovation and no decisions ever emerge.”

Do you agree?

Jonathan Weinberg: Well, yeah. ICANN has no defined process for decision-making; it is a black hole. (Whatever happened to the promised SECSAC report on Site Finder?) There’s no way to tell how long it will take to get an answer to a request. There’s no independent review process. ICANN lacks constraints and accountability, and that’s made it possible for it to avoid getting its act together regarding process: The ICANN decision-making process borrows some of the worst features of government, without sharing any of government’s virtues. (On some of the parallels between ICANN and government, see Andy Oram’s wonderful recent ICANN and Iraq essay.) So there’s a whole lot for VeriSign and others to complain about. But I don’t expect the VeriSign lawsuit to solve these problems. The VeriSign lawsuit doesn’t address these flaws except by seeking to divest ICANN of any power to restrain its activities, whether by process good or bad.

CircleID: In a section titled, “Violation of Section 1 of The Sherman Act” from VeriSign’s recent complaint, the following statement seems to suggest that other parties, in addition to ICANN, may also be held legally responsible for the interruption of its Site Finder service:

“VeriSign is entitled to preliminary and permanent injunctive relief prohibiting ICANN, its officers, directors, employees, agents and others acting in concert or in association with it, from directly or indirectly taking any action, or engaging in any conduct, to promote, effectuate or enforce its Suspension Ultimatum with respect to site Finder or otherwise to interfere with, limit, restrict, impede, or delay the implementation and operation of Site Finder.”

While Site Finder was live, various ISPs took action and re-routed their customers around it, and ISC released a special patch for ‘Bind’ that allowed filtering out Site Finder. Can VeriSign hold other parties who have interfered with Site Finder liable?

Jonathan Weinberg: ICANN has always raised troubling antitrust questions, since by its nature it involves competitors in an industry coming together to adopt rules that may well end up restricting competition; see Froomkin and Lemley’s authoritative ICANN and Antitrust [PDF]. In general, though, a court applying U.S. antitrust law would analyze an ICANN action challenged on this basis under the so-called “rule of reason,” and it wouldn’t find liability unless the action’s anti-competitive harms substantially outweighed its benefits. I don’t think that an antitrust claim against ICANN with respect to Site Finder would have a lot of traction. An ISP’s decision to route around Site Finder, and ISC’s decision to release a new BIND patch, all the more seem legally in the clear; none of these folks need lose any sleep over the possibility of a VeriSign antitrust claim.

CircleID: Many, including ICANN questioned the timing of VeriSign’s lawsuit, which was filed just days before ICANN’s quarterly meeting in Rome. In it’s official response, ICANN stated:

“It is ironic that VeriSign has decided upon this path at the beginning of a week where the Internet community is convening in Rome for inclusive bottom-up discussions on issues of importance to registries.”

Elana Broitman, director of policy at Register.com Inc., stated:

“It’s unfortunate, we would have liked to have gone into the meeting clean. Instead, this lawsuit has tied ICANN’s hands.”

Any comments on why VeriSign would choose such a timing to file its lawsuit?

Jonathan Weinberg: Not a clue. I’m guessing that VeriSign thought that this timing would put more pressure on ICANN, both with respect to WLS and in general; that’s just a guess, though.

CircleID: You have been quoted in the media saying “This is War” in reference to the VeriSign vs. ICANN lawsuit. And it sounds like in this war there will be causalities—regardless of which direction results of the lawsuit go. Could you elaborate on any specific dangers that may lie ahead?

Jonathan Weinberg: What I meant was that up until now, VeriSign and ICANN have maintained a facade of cooperation—they may not have liked each other, but they had to live with each other. VeriSign has now dropped the facade. There are dangers a-plenty. If VeriSign should win this lawsuit, it will be empowered to make unilateral changes in the COM and NET registries that will be harmful to the DNS as a whole. If ICANN should prevail, it may be emboldened to extend regulation and micro-management far beyond where they’re warranted. The most likely possibility is that the parties will settle, and we’ll continue going down to hell in a hand-basket, much as we’ve been all along.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


John Glube  –  Apr 1, 2004 10:14 PM

Interesting interview.

The contract clause in issue has two parts:

* “‘Registry Services’ means services provided as an integral part of the Registry TLD, including all subdomains.”

- and -

* These services include: receipt of data concerning registrations of domain names and nameservers from registrars; provision to registrars of status information relating to the Registry TLD zone servers, dissemination of TLD zone files, operation of the Registry zone servers, dissemination of contact and other information concerning domain name and nameserver registrations in the Registry TLD, and such other services required by ICANN through the establishment of Consensus Policies…”

I am not an American attorney, being a business person with a law degree. (I am presuming California law governs, although this may be an issue in itself.)

But in the general context of contractual interpretation, by using the words ‘means’ followed by ‘includes’ this gives rise to a very specific interpretation of the words used.

The opening statement, through the use of the word means defines in broad strokes the meaning of the word ‘Registry Services.’

(In essence this is the general set of ‘Registry Services.’)

The second statement, through the use of the word includes provides specific illustrations, but in using the word includes means the broad statement is not limited by the illustrations.

(In essence, this is a series of examples of what is included in the set, but by using the word ‘includes’ means the examples do not limit the meaning of the general definition.)

Of course, I could be all washed up on this and there could be other parts of the contract which have a bearing on the meaning.

How this bears on the overall picture? Well you would have to sit down and read the pleadings and the various contractual documents.

Perhaps of greater significance is the concern expressed in the article about the inability of ICANN to deal with change given the lack of clear governance rules.

If correct, this does not bode well. Although some are critical of the present arrangement,  I for one would not be excited about seeing ICANN taken over by a body like the UN.

Kind regards,

John Glube
Toronto, Canada

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign


Sponsored byVerisign