Home / Blogs

The Villain in the ICANN-VeriSign Struggle is the U.S. Government

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

ICANN Board Chair Vint Cerf now works for a company whose motto is, “Do No Evil.” So how could Vint and his fellow board members be engaged in a massive capitulation to the enterprise greed of dot-com operator VeriSign?

The story of how the Internet community got to its current impasse over the future of the ICANN-VeriSign relationship is overly complicated but the bottom line is that we are suffering from woes created by the U.S. Government with the best of intentions over the past fifteen years. And only the government has the capacity to stop equivocating and do the right thing for all of us.

The Road to Hell is Paved with Good Intentions

In the beginning, the Networking Division of the National Science Foundation outsourced the assignment of Internet domain names to a corporate predecessor of VeriSign in order to improve the service provided to those seeking names.

Unfortunately, the contractual agreement used was of a form designed to facilitate the transfer of government funded technology from research agencies to the private sector where it could be properly commercialized. Only after dot-com had become a multi-billion dollar government granted monopoly service did people see that a public good was being converted into enormous and unwarranted private gain.

In 1997, the White House packaged up what had become a growing scandal over jumbo profits in dot-com and asked Commerce Secretary Daley to “privatize” the domain name system. In 1998, Commerce published a white paper with the terms that formed the basis for awarding DNS “technical coordination” duties to ICANN, which was formed as a California non-profit corporation expressly for the purpose of assuming those duties.

But Commerce lawyers were faced with a multitude of problems in actually transferring responsibilities to ICANN. Were domain names property? Interested members of Congress wanted to know if a “giveaway” was in progress. In the meantime, the agreement under which dot-com (and net and org) were being operated was up for renewal, and the views of government lawyers and Network Solutions lawyers (this was prior to the VeriSign acquisition) were miles apart. Lawsuits and concomitant paralysis of the domain name system were threatened.

In the fall of 1998, a race to zero hour, which had been defined by the White House as Thanksgiving, took place.  In the end, Munich style thinking prevailed. Network Solutions got a continuation of its monopoly at a guaranteed wholesale price of six dollars a name, without any obligation to justify its costs to the community of users, in return for a vaguely worded commitment to agree to abide by policies to be adopted by ICANN. All of the important questions, many of which could only have been resolved by litigation in our system of government, were dodged, and the details were tossed in ICANN’s direction to be worked out.

In the subsequent seven years, the ICANN Board and its lawyers have struggled to do the right thing while being fundamentally handicapped by the shortcomings of its legal arrangements with the government, and the government’s continuing legal and political ties to the dot-com monopoly operated by VeriSign.

Monopolies Require Regulation

Acknowledging that the dot-com monopoly agreement was a problem, Commerce lawyers directed ICANN in 1998 to implement a system whereby retailing and wholesaling of domain names would be separated, retailers would be accredited by ICANN under a code of good practice, and registry operators would be required to do business with any accredited retailer, to be known as registrars. The projected benefits were similar to those sought when the U.S. Government separated long distance from local phone service in the 1980’s. Unfortunately, the economic theory behind these ventures has proven to be defective in practice. Dot-com is a bigger monopoly than ever, and the telecommunications business is remonopolizing as we write.

ICANN, VeriSign and the government currently are bound to each other in an incestuous legal triangle in front of which an appearance of public-private partnership is maintained. This arrangement masks the monopoly related tensions which have surfaced in the latest contract renewal debate. It suits VeriSign’s economic objectives and the government’s political objectives to have a facade of privatization over the DNS and to make it appear that the ICANN-VeriSign negotiations are simply the working out of differences among private partners in the DNS.

In truth, VeriSign is still protected from government anti-monopoly action by its residual cooperative agreement with the Department of Commerce.  There is no doubt that in its response to any antitrust suit filed against it, VeriSign will claim, as it has successfully in the past, that it is simply doing the bidding of the U.S. government. And ICANN, which has been sued over the terms of the draft agreement with VeriSign, will also maintain that it is simply fulfilling the terms of its contractual relationship with Commerce as detailed in the MOU and the separate IANA contract.

A Big Dose of Political Courage is Needed

As the lawyers pass this hot potato among them, what about the rest of us? Where is the solid institutional foundation under ICANN that we were promised in the glowing rhetoric of the White Paper seven years ago? Is there any end to the campaign of legal and financial intimidation that VeriSign continues to wage against ICANN? Are the legal troubles left over from expedient decisions in the 1990’s so serious in light of the international politicization of the DNS that we just need to throw in the chips and start over?

Unfortunately, the recent leadership at the Department of Commerce and at ICANN has been so preoccupied dodging bullets that none of the long term issues are being articulated or debated. Instead, we are treated to squabbles over contract language designed to perpetuate a comfortable and permanent annuity for the shareholders of VeriSign at the expense of domain name holders. If this is the American free enterprise system in action, it’s a pretty sad commentary.

Michael M. Roberts was the first President and CEO of ICANN, 1998-2001

Filed Under

Comments

Karl Auerbach  –  Feb 20, 2006 8:13 PM

I agree that this whole mess is due to fuzzy-thinking from the outset and which continues through the present.  And although the US Gov’t has certainly acted with flagrant disregard of even the most basic rules of administrative process and with an unbelievable lack of comprehension of internet technology, to my mind the greater share of the responsibility for the mess belongs to ICANN.

In one regard this continued lack of clear thinking is beneficial: ICANN has evolved over the years to avoid engaging on any matter that actually affects the ability of the internet to efficiently and promptly deliver packets between IP addresses and for DNS resolvers to answer queries.

Consequently, the ICANN/NTIA mess can spin and sputter without actually hurting the net’s ability to perform its primary task: the delivery of IP packets from senders to receivers.

See my note, Disappearing Act on the question of what would happen should ICANN, and simply vanish.  (Hint: Not much.)

I am constantly amazed at the naivete of ICANN and NTIA with regard to the actions of Verisign.  The latter is a for-profit corporation that is permitted, and even obligated, to seek and monetize opportunities within the limits of the law.  Both ICANN and NTIA seem surprised whenever Verisign does what any red-blooded for-profit corporation would do.  (And NTIA is part of the US Department of Commerce - one would hope that the US Department of Commerce might understand the nature of for-profit enterprises!)

The proposed ICANN-Versign contract continues the sad history.  This new proposed contract fails to require Versign. in exchange for its monopoly position over .com, to confine its privileged role to that of providing registry services and only registry services.

We should also not forget that ICANN’s 1998 agreement with NetSol/Verisign was improperly adopted by ICANN’s board in violation of ICANN’s own by-laws: The board accepted that agreement over the objections of ICANN’s own DNSO.  (I still have a request for independent review outstanding on that matter.)

Those of us who objected to ICANN’s headlong leap into bed with Verisign were labeled by ICANN as “arrogant” and “juvenile”.

In other words, ICANN looked at this mess way back in 1997 and voluntarily stepped into it.  That was an act solely of ICANN (and of the law firm that created ICANN) and not of the US Dept of Commerce or NTIA.

And we should also not forget that a couple of years later ICANN compounded and extended this mess when it voluntarily decided to adopt the private initiative of the lawyer who created ICANN to gift .com to Verisign in perpetuity.  Again, that was 100% ICANN’s doing; the US Gov’t was not involved (at least not above the sheets.)

The US Government never put a gun to ICANN’s head and never forced ICANN to sign any of the ICANN-Verisign agreements.  ICANN has always had the opportunity to say “no”.

I believe, however, that, when we go beyond the Verisign situation and into the larger realm of internet governance that the US Gov’t does have a deep responsibility for many of the difficulties and troubles.  I feel that under Becky Burr and Nancy Victory I the US had the right intent but was mistracked by a lack of knowledge exacerbated by governmental hubris.  But now that the US Dept of State has stepped in, the US Gov’t is most certainly using ICANN as a tiddlywink in an international game of internet hegemony.

joe sims  –  Feb 21, 2006 1:02 AM

I start with my usual caveat:  these are my personal views.

Mike Roberts stepped up without hesitation, and in the middle of enormous controversy, and was critical to the initial survival of ICANN under extremely difficult circumstances.  For this service he has a lot of credit stored up with me.  And much of what he says about the beginning of ICANN is correct. It was not an example of the best of government.  But on this particular issue I disagree with his conclusion. 

ICANN has just come through a year of holding off those who wanted to see it subsumed into some UN entity; if you think ICANN is slow and sludgy now, try that option.  That issue has not gone away, it is merely sidetracked momentarily, but it will return in some form.  One might argue, as Karl does, that the disappearance of ICANN would have no effect, but that assumes that something else does not arise to take its place—and that something else would be governmental, not private.  I hear very few voices in this community who think that would be an improvement over the status quo.  So the solution is to make ICANN as effective as it can be in doing the things it does, one of which is make it difficult for others to claim that the world’s governments need to take direct control of the naming and addressing functions that today exist under the umbrella of ICANN. 

From a stabilty and operational perspective, VS has operated .com effectively; it works, and generally smoothly.  Whether that is something that almost anyone could do or something that takes real expertise and experience is almost irrelevant, because no one who depends on .com for important commercial activity—and I include businesses as well as governments—wants to risk being wrong on that point.  And so it was the conclusion of those involved in the VS negotiations in 2001 that providing what amounted to a de facto perpetual right to operate .com was giving up little or nothing, since it was unlikely as a practical matter that operation of this most important of the DNS registries was likely to be moved to different hands, and in return we obtained the ability to redelegate .org and to rebid .net.  So the issue of VS retaining perpetual rights to operate .com absent very unusual circumstances was debated and decided five years ago; the proposed new agreement adds nothing meaningful to those rights.  What the new agreement does do is resolve all of the outstanding disputes between ICANN and VS, and much more importantly, reflects VS’s commitment to become a productive, as opposed to disruptive, participant in the ICANN commuity going forward.  I know Karl (and perhaps Mike) will be highly suspicious of VS’s good faith on this point, and with some basis.  I am more comfortable on this point because I think the new agreement more effectively aligns VS’s incentives with the objective of productive participation in ICANN, whereas the previous agreements—the product of the very imperfect process at ICANN’s birth described by Mike—created just the opposite incentive, to reist integration into the ICANN community. 

With respect to the pricing issue, that is new in this agreement, and it is a fair point for discussion and debate.  And it is certainly possible that in the short term VS will find it possible and desirable to raise its registry prices.  But in the long run, VS will only be able to charge for the value it provides; there are already a number of alternatives to registration in .com and there will be more in the future, especially if .com prices go up.  A .com registration may be sufficiently more attractive at the moment than one in .into or .biz or .uk or .de to be able to charge a higher price, so to protect against serious adverse impact, the agreement limits how much VS can raise prices, how often it can do it, and most importantly, requires six months notice and the opportunity to buy up to a 10-year registration anytime there is a price increase.  So there are multiple protections built into the agreement against exploitation of registrants—not perfect, because the market for domain name registrations is not perfectly competitive, but in our judgment sufficient under the circumstances. 

Finally, this agreement will end all litigation with VS.  I put this last because I do not think this benefit, which is significant, would be worth accepting a bad agreement.  But in my judgment, and I repeat again that these are my personal views, this is a good agreement that offers many benefits to the ICANN community, only one of which is the end of expensive and burdensome litigation in which, no matter how confident we feel in our legal positions, there is always a chance of adverse outcomes.  The agreement establishes workable procedures for evaluating additional services that VS might want to offer, and it commits VS to working with the rest of the ICANN community to preserve the private sector approach to DNS oversight and coordination, as opposed to seeing this devolve into an intergovernmental body of some kind.  And while harder to value, it finally, after 8 long years, brings the largest and most important registry operator and one of the most important infrastructure providers in this space into full and hopefully beneficial participation in the ICANN community, for the first time since ICANN’s creation.  The potential benefits of all this are enormous—for ICANN, for its stakeholders, and for the stability and continued effective operation of the DNS.

Berard  –  Feb 21, 2006 7:06 PM

As the spokesperson for the Coalition for ICANN Transparency (CFIT) I am compelled to add to the comments posted by Mr. Sims.  Expand on them, might be a more accurate phrase for I fear he has used to small an aperture to view the implications of the proposed .com deal.

When he says “ICANN has just come through a year of holding off those who wanted to see it subsumed into some UN entity; if you think ICANN is slow and sludgy now, try that option,” he ignores the fact that making VeriSign the primary source of funds for ICANN will energize those calling for international control.

When he says “Finally, this agreement will end all litigation with VS,” he ignores the likely INCREASE in law suits that will confront ICANN if the deal is implemented.  Certainly, CFIT’s suit will continue and, as the deal creates an uneven playing field among registries, allows price increases without economic justification and eases “monopoly creep” into now competitive service areas, the landscape for litigation (and its costs to ICANN) will grow.

And when he says “What the new agreement does do is resolve all of the outstanding disputes between ICANN and VS..,” he ignores the caveat in the .com proposal that excludes on-going litigation led by SnapNames, a company VeriSign has pursued in acquisition.

All in all, the deal does little to help, inoculate or advance ICANN or its constituents.

Bret Fausett  –  Feb 21, 2006 7:53 PM

Third Time Is The Charm?

Joe Sims wrote:
“And while harder to value, [the settlement] finally, after 8 long years, brings the largest and most important registry operator and one of the most important infrastructure providers in this space into full and hopefully beneficial participation in the ICANN community, for the first time since ICANN’s creation.”

This will make the third time that ICANN has asked the community to swallow a problematic agreement with Verisign on the promise that it will bring the company into the ICANN community. We heard this in 1999 when Network Solutions signed its first agreement. We heard it again in 2001 when Verisign renegotiated the 1999 Netsol deal. Why, exactly, are we supposed to believe it now? And I don’t see how the proposed agreement brings Verisign into “full and hopefully beneficial participation in the ICANN community” when the registry contract exempts Verisign from certain categories of GNSO policymaking. Yes, the agreement may mean that Verisign no longer fights with ICANN but this is only because ICANN will have relinquished any meaningful control over its ability to coordinate the technical aspects of the .COM registry and protect consumers from the imposition of monopoly rents.

  —Bret Fausett

Milton Mueller  –  Feb 22, 2006 12:25 PM

I can’t help feeling amused by this debate. Perhaps the most amusing thing is that all sides can agree that the bogeyman of “international control” is far, far worse than what is happening now. More about that later.

Equally amusing, I find myself agreeing with Mike Roberts and Joe Sims on significant points (though not the entire package).

Mike Roberts is on target when he says, “ICANN, VeriSign and the government currently are bound to each other in an incestuous legal triangle in front of which an appearance of public-private partnership is maintained.”

Joe Sims is on target when he says that “providing what amounted to a de facto perpetual right to operate .com was giving up little or nothing, since it was unlikely as a practical matter that operation of this most important of the DNS registries was likely to be moved to different hands, and in return we obtained the ability to redelegate .org and to rebid .net.” More generally, domain name registries that succeed in building up value in their TLDs deserve to benefit from the future value of their investment in physical infrastructure and brand equity. Any other policy would erode the long-term economic sustainability of DNS.

But I’ve got to quibble with Sims about that “ability to redelegate…net”
Because we didn’t really redelegate .net, did we? And the reason is that VeriSign was able to work its lobbying magic in the U.S. Congress and play the “national security” card (which we all know is bogus, at least as far as OUR security is concerned). So public interest was sacrificed to nationalistic politics and Washington-based capture.

Will someone explain to me then what is so terrible about bringing some international political and legal forces into play here? Since it’s true that the USG, VeriSign and ICANN are locked in an unlovely embrace of interdependence and there is no domestic political impetus to get us out of that, why is the UN-based process viewed with such trepidation?

Is it because the US is a paragon of freedom and the rest of the world full of mindless authoritarians just waiting to put the brakes on the internet’s freedom? Give me a break! We have a US President who literally claims that he can make up laws justifying his actions and ignore ones he doesn’t like. We have an NSA that claims it can ask for anyone’s email
regardless of whether it’s domestic or foreign and ISPs that are willing to turn it over.

And as someone who has been deeply engaged in ICANN’s policy making processes, complaining about the “slowness” of international processes is gargantuan hypocrisy - we are now in year 8 of ICANN’s existence and it doesn’t have a stable policy toward new TLD additions, it hasn’t reformed the Whois-privacy relationship after 6 years, it is just getting a ccNSO into place after 8 years, etc. etc. The days are long past when we can talk about private sector self-regulation as if it were “nimble” unless one is into making really bad jokes.

joe sims  –  Feb 26, 2006 1:05 AM

I’m always amused when folks assert as facts things that (1) did not happen, and (2) that they have no way of actually knowing whether they happened or not. Milton Mueller disparages the right to redelegate .net that was obtained in the 2001 VeriSign negotiations because—horrors!—VeriSign won the redelegation competition.  Milton says that was because the US Congress determined the result (of course, he offers no details on how exactly that happened).  With all due respect, this is nonsense?  I’m not going to recite the long list of facts that show that assertion is clearly nonsense, since you can find all that in the record on the ICANN website if you are interested.  What Milton appears to really be complaining about is not that ICANN did not have the right to redelegate .net but that it didn’t hand the .net registry over to someone—anyone—other than VeriSign.  I know it is a waste of time to try to convince some that the right to redelegate that ICANN wanted and negotiated was just that—the right to issue a competitive RFP and then to award the right to operate the registry to the best-qualified applicant—which turned out to be VeriSign.  This should not be too shocking a result, since VeriSign is a very experienced and by all accounts competent registry operator, and VeriSign clearly put forth a very aggressive proposal.  Most importantly, VeriSign was graded the highest on objective criteria by completely independent third party evaluators.  So, ICANN got exactly what it negotiated for—the opportunity to have a competitive process decide the next .net registry operator.  It did not, as was the case with .org, seek or negotiate the right to prevent VeriSign from participating in the competition.  And in return for these and other concessions, ICANN agreed to a presumptive right of renewal for .com, for the reasons I stated in my earlier comment.  Just trying to keep the record straight in case any of this is read by persons with innocent eyes and ears.

Karl Auerbach  –  Feb 26, 2006 9:59 AM

In baseball its three strikes and you’re out.

We see in this thread ICANN being defended by its first president and by the attorney who created it, who created the perpetual right for Verisign to retain .com, and who is rumored to be the architect of the proposed ICANN-Verisign agreement with its “7% solution” (and whose law firm has been ICANN’s largest creditor every year since ICANN’s formation.)

Their comments, particularly those of the latter, sound like the whining of a batter who has swung at a dozen pitches, accumulating dozens of strikes, who shrieks at the umpire that he must not be declared “out” and must be given yet another chance to swing at yet another pitch.

ICANN was formed for the purpose of guaranteeing to the users of the internet that the technical aspects of net’s name and addressing systems would be efficient, speedy, stable, and reliable.

That never happened.  Fortunately for the net others stepped in and did ICANN’s job.

ICANN was also to have brought the benefits of a competitive marketplace into the business of domain names.

Has it?

Certainly everyone can agree that the 1997 Network Solutions price of $35/year has come down.

But price alone is not the full measure.

The reduction in price has been accompanied by an increase in other, largely intangible, costs of acquiring domain names.  Domain name buyers pay a price through the wholesale reaping of marketing data and loss of privacy.  Domain name buyers are required to pay a generous “registry fee”.  Domain name buyers are saddled with restrictive and predatory contractual terms designed to transfer legal rights from domain name buyers to trademark owners and to subsidize a massive and unsavory system of domain name speculation.

Instead of creating a competitive marketplace ICANN has created a medieval guild that denies permission to those who wish to try to offer new and innovative domain name products.  ICANN has not brought forth alternatives to the old Network Solutions/Verisign offerings.  ICANN has merely created clones.

Their comments try to portray ICANN as a success.

Yet, how can ICANN be considered successful when it does nothing to ensure that network addresses may be effectively allocated and used as sources and destinations for packets?  How can ICANN be considered a success when it has not taken a single step to ensure that the root and TLD layers of DNS respond to user queries promptly, accurately, and without bias?  And how can ICANN be considered a success when, if ICANN’s anti-competitive policies were eliminated, the tangible and intangible parts of domain name prices could be far lower than they are today and consumers would have a much broader spectrum of choices among truly different offerings?

The ICANN they created has its closest ancestor in the centralized planning bureaus of the old USSR; their creation is equally unfriendly to to consumers and equally antithetical to a truly competitive and innovative marketplace.

In this thread and elsewhere I suggested that were ICANN to vanish few would notice.  The attorney who founded ICANN responded by saying that ICANN would necessarily be replaced.

Why should replacement be a necessity?

It doesn’t take a genius to understand that replacing nothing with nothing results in nothing.

Nothing will be gained by replacing ICANN with a body that replicates ICANN’s failure to engage on matters that have a concrete relationship to the technical ability of the net’s addressing and DNS systems to move packets and answer name queries.

And nothing will be gained by replacing ICANN with a body that replicates ICANN as a body that destroys innovation and imposes a world of contrived domain name business practices designed to pump money out of the pockets of domain name consumers and into the pockets of a few select “stakeholders”.

ICANN failed in its conception.  Strike one.

ICANN failed to assuring technical stability.  Strike two.

ICANN failed to create an innovative and competitive marketplace in domain names.  Strike three.

It’s time to send these batters back to the dugout.  They struck out long ago.  They don’t deserve another chance to swing at the ball.  It’s time to get on with the game.

Milton Mueller  –  Feb 27, 2006 12:10 AM

Alert!
Someone please inform Joe Sims that a PR flak from VeriSign is spoofing him on a public blog.

Oh, this is for real? OK.

Joe, I met with lotsa Congressional staffers and I know what went on and what goes on. I know that Kieren McCarthy exposed the ways in which Telcordia’s report was skewed to favor VeriSign. I know that half a dozen DC-based policy-analysts-for hire (e.g., PFF) suddenly were retained by VeriSign during the .net rebid, and starting making scary noises about the national security implications of letting .net go to a foreign entity. Note that these people were in Washington, and never showed up at ICANN meetings or in any public fora where ICANN policy was deliberated and set. Their target was the USG, and specifically congress, not the “Internet comunity” which supposedly sets policy via ICANN.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix