Quantcast
Channel: CircleID: Law
Viewing all articles
Browse latest Browse all 531

Is ICANN Running a Racket?

$
0
0

On March 13, 2019, I published an article on CircleID, Portrait of a Single-Character Domain Name, that explored the proposed release and auction of o.com, a single-character .com domain name that was registered in 1993 and assigned to the Internet Assigned Numbers Authority (IANA) by Dr. Jon Postel. Although the National Telecommunications and Information Administration (NTIA) has since raised serious objections, this was only after Verisign and ICANN already had amended the .com registry agreement and spelled out their auction plan.

The Second Amendment to the .com Registry is a dichotomy of sorts — on one hand, it offers a detailed description of the auction scheme while, on the other hand, raising substantial questions as to just what exactly was agreed to for the Internet's dominant registry and why. This article examines the issues and mysterious circumstances surrounding single-character .com labels.

The amending of the .com registry agreement contemplating the o.com auction followed an extensive process that included a proposal submitted by Verisign under ICANN's Registry Services Evaluation Policy (RSEP), formal notification of competition concerns by ICANN to the U.S. Department of Justice, a public comment period for the RSEP, and, finally, consideration and approval by ICANN's board. Several members of the board didn't even remember voting to approve amending ICANN's agreement with it's largest ratepayer which governs the Internet's most lucrative registry and maybe this is unsurprising since every single bit of it was nothing more than imaginatively choreographed Kabuki theater.

As stated earlier, o.com along with most of the single-character .com labels were registered by Dr. Postel on December 1, 1993 as a way of reserving these domain names for a since-unrealized potential development path for the Internet's Domain Name System (DNS). Following Dr. Postel's unexpected death and ICANN's founding, both in 1998, these registrations were assigned to the IANA registrar (I.D. 376) and have been kept mostly out of view ever since. All except for o.com which, since at least 2006, has been the target of persistent pursuit by Overstock and at least one purchase offer. This attempted transaction is recounted by former ICANN executive Kurt Pritz:

Patrick (Overstock's founder and then-CEO) wanted to buy o.com. He sat across from me and slid a check for $1,000,000 payable to ICANN across my desk...If my memory serves me correctly, Patrick offered $2 million.

Perhaps Overstock's attempt was rebuffed because the price offered wasn't generous enough but this episode demonstrates how a party interested in acquiring o.com could and did conclude, correctly, that single-character .com labels are existing domain name registrations and, incorrectly but maybe somewhat understandably, that they were ICANN's to sell since they were and remain registered to the IANA registrar.

Why are these names still registered by IANA?

The first .com Registry Agreement in 2001 along with subsequent registry agreements prohibited new registrations of single-character labels in all Internet registries. ICANN has since permitted the release of single-character labels in every Internet registry except VeriSign-operated .com and .net. Appendix 6 of the current .com Registry Agreement, mirroring Schedule K of the 2001 agreement, says:

Except to the extent that ICANN otherwise expressly authorizes in writing, the Registry Operator shall reserve names formed with the following labels from initial (i.e. other than renewal) registration within the TLD:

All single-character labels

This appears simple and straightforward. However, as is common with anything involving ICANN's contracting practices, there's more to this than meets the eye. This is because single-character labels in the .com and .net registries are already registered to IANA — hence, no "initial registration" is possible unless these names are removed from the .com registry by not renewing them or affirmatively deleting them.

For purposes of technical clarity, Internet registries utilize a software platform called the Shared Registry System (SRS) and which is operated by Extensible Provisioning Protocol (EPP) commands. EPP commands are typically used by registrars on behalf of their customers and include Add, Delete, Transfer and Renew, among others.

Importantly, the EPP commands Transfer, Delete, and Renew aren't prohibited or impacted in any way by Appendix 6 and we can be certain of this because of two single-character .com labels that were registered prior to Dr. Postel's bulk registrations on behalf of IANA in 1993. The registrations for x.com and z.com have been transferred and renewed since then, including after the .com Registry Agreement's prohibition on initial registration was implemented in 2001. Only the Add command is disallowed and this isn't relevant because registrations for single-character .com labels already exist and, since "initial registration" isn't at issue here, the Appendix 6 requirement for ICANN's express written authorization doesn't apply.

During any of the last twenty Decembers these registrations could have been allowed to expire and the domain names would have been deleted from the .com registry and, consequently, been made subject to the Registry Agreement's Appendix 6 prohibition. Instead, they have been renewed every Christmas season during the 21st century and the reason why is most likely the same as what motivated both the attempt at "forced scarcity" by singularly auctioning off only o.com and Willie Sutton's fixation on robbing banks: because that's where the money is.

An enquiring mind might naturally turn to wonder who is attempting to profit illicitly from single-character .com labels and answering that requires some digging. In their Second Amendment to the .com Registry Agreement, ICANN and VeriSign took great pains to forswear receiving any of the auction proceeds except for the same $7.85 that VeriSign receives for every .com registration. However, methinks the amendment doth protest too much because both the auction provider and the trustee of the auction proceeds were to be selected by VeriSign while the remainder of the auction proceeds were designated for non-profit organizations specified in an Exhibit A that is incorporated into the amendment.

Today, stakeholders navigating to ICANN's website to view Exhibit A of the Second Amendment to the .com Registry Agreement will find nothing but a blank sheet of paper — the list of beneficiaries was redacted on May 23, 2019 after initially being published two months earlier. However, a stakeholder that downloaded the PDF of the Second Amendment on April 11, 2019 could review a non-redacted Exhibit A and see a familiar name among the beneficiaries: the Internet Society (ISOC). Many of the other organizations on the list have important missions, but do they really want largesse that comes from illegitimate auctions of domain names that don't belong to their erstwhile would-be benefactors?

VeriSign has aggressively tried to obscure from view this list of non-profit beneficiaries by having its attorneys claim that it is a trade secret. This is both patently false and laughably absurd. The Colonel's 99 finger-lickin' good spices and the formula for Coca-Cola are trade secrets; the list of organizations receiving the vig from an illegitimate auction of o.com — not so much.

A trade secret is defined by Wikipedia as:

A type of intellectual property that comprise formulas, practices, processes, designs, instruments, patterns, or compilations of information that have inherent economic value because they are not generally known or readily ascertainable by others, and which the owner takes reasonable measures to keep secret.

It seems like folks that went to law school probably ought to have the mental wherewithal to consider that a document posted on ICANN's website for two months — as opposed to, say, two minutes or two hours — doesn't quite rise to the level of "reasonable measures to keep secret" before sending bullying letters claiming such nonsense.

But that's an entitled monopoly for you — they're like opinions and something else that everybody's got.

According to Wikipedia, trade secrets must have three components to be considered as such under both domestic and international law. A trade secret:

  1. is not generally known to the public;
  2. confers economic benefit on its holder because the information is not publicly known; and
  3. where the holder makes reasonable efforts to maintain its secrecy.

VeriSign's lawyers may get their law degrees from a Cracker Jack box, but it seems safe to assume that they can access the Internet like everybody else and that these required characteristics are known to them. So what is the "inherent economic value" of the list of potential o.com auction beneficiaries and what "economic benefit" is conferred on VeriSign that elicits such predatory behavior?

More importantly, why is this redaction nonsense being allowed in the first place?

Who controls the IANA registrar?

From 1988 until April 1997, IANA was a set of functions funded by the U.S. government and performed pursuant to a contract between the U.S. Defense Advanced Research Projects Agency (DARPA) and the Information Sciences Institute (ISI) at the University of Southern California (USC). To be clear, the .com single-character labels were registered in 1993 by Dr. Postel while he was performing the IANA functions under contract with, and being paid by, the U.S. government.

IANA became an operating unit of ICANN in 1999. However, two authoritative reports from the U.S. Government Accountability Office (GAO) in 2000 and 2016 make clear that only responsibilities were transferred to ICANN — no rights, property, or interest pertaining to any IANA registrar or single-character .com labels registered by U.S. government contractors were transferred to ICANN or other contracted parties. Even Wikipedia cites the U.S. Federal Government as the founder of IANA.

It appears, however, that ICANN — working in concert with other parties — is engaged in a rather madcap vaudevillian caper where, in essence, it's figurative foot is on a proverbial dollar bill that fell on the ground and it is slowly inching the banknote towards itself while fast-talking a patter of gibberish to distract everybody and hoping nobody notices what they are up to. In the course of perpetrating this attempted misappropriation, ICANN has laid waste to community-developed processes, procedures, and protections for the DNS and disregarded community input and stakeholder concerns, including from its own Intellectual Property and Business constituencies, among others.

Why did VeriSign submit an RSEP proposal for a new "o.com service" when there is nothing new about transferring existing domain name registrations between registrars and registrants? It might have something to do with the little matter of .com pricing power which ICANN sold them and perhaps it's time to consider that the price paid included more than the $20 million that ICANN collected publicly and which may actually have been artful misdirection away from a much larger bill of goods being orchestrated at the same time.

Anyone examining the Second Amendment to the .com Registry Agreement might be appalled at discovering that an iceberg-sized loophole was blasted into the .com Registry Agreement whereby o.com was exempted from the Add Grace Period, Renew/Extend Grace Period, Auto-Renew Grace Period, and Pending Delete Period aspects of the typical domain name lifecycle and in the unlikely event that o.com wasn't renewed then it "will be held by Registry Operator until Registry Operator makes o.com available via a later auction or other allocation process."

Since it's incredibly far-fetched that the o.com registration would ever be permitted to expire then it must be that this would be pointed at in some not-so-distant future as precedent for a new depredation to be inflicted during efforts at further profiteering — at the very least, it was a "pilot" that was meant to pave the way for releasing the other single-character labels that remain registered to IANA; but, considering that single-character labels have been released in all other domain name registries, what exactly was being "piloted?"

Perhaps the answer to this question lies in another area that demands greater scrutiny. According to more than one source, last year on the afternoon of Friday, September 11th, the price of single-character labels in VeriSign's four transliterated .com Internationalized Domain Name (IDN) registries suddenly and mysteriously dropped. Until then, all of the single-character labels in transliterated .com IDNs had been priced uniformly at $37,500. But on 9/11, single-character IDN labels in the Mandarin, Hangul, and Katakana scripts dropped to $30,000 each while those in the Hebrew variant plummeted to $29.99. There are approximately 6 million people on the planet that speak Hebrew — most of them in Israel and unlikely to be looking for unannounced domain name deals after sundown on a Friday. But at least one registrant attempting to take advantage of this unadvertised Sabbath sale was subjected to bizarre irregularities after rightfully registering a domain name.

As recounted by a registrant, the registration was accepted by the registrar, the credit card was charged, and the name appeared in a WHOIS lookup. Within thirty minutes, the registrant received an inexplicable rejection notice by email and the registration was removed from the WHOIS lookup tool. The registrar's customer service agent expressed bafflement as to what was occurring and relayed that the company's general counsel's office was directing the rejection for unapparent reasons. The registrant secured the registration through a different registrar for the same unadvertised Sabbath sale pricing and the initial registrar turned increasingly hostile upon being pressed further for answers.

Who could cause such a sudden, unadvertised, and astonishingly steep pricing drop across registrars? Since this occurred during the season of the Jewish High Holy Days, was this VeriSign's version of Macy's New Year's Day Sale? Who could have interceded with the initial registrar so quickly on a Friday evening and induced the cancellation of a duly registered domain name including removal from the WHOIS database?

The interference didn't extend to the second registrar, which implies it may not have been an official action by the registry, and readers might be asking themselves: why does this matter? Well, it matters because VeriSign has maintained a firm commitment since at least 2013 that:

a registrant of an IDN.com or IDN.net or registrant in one of our new IDN TLDs will have the sole right subject to applicable rights protection mechanisms, but not be required to register the same second-level domain name across all or any of our IDN TLDs, including the .com or .net TLDs as applicable. (emphasis added)

Was VeriSign attempting to facilitate the discounted registration of single-character transliterated .com IDNs either for itself and/or others to use during some future release of single-character .com labels? Was this an inside job attempting either to profit personally or to aid and abet co-conspirators — perhaps some "off the record, on the QT and very hush-hush" private sales to those holding existing rights?

This all may seem very L.A. Confidential-esque but the destruction of more than $1 million in shareholder value by the unadvertised Sabbath discounts is a serious matter. Far more grave, however, is the interference with legitimate domain name registrations and messing around with the WHOIS records which sounds like the sort of stuff of which registry and registrar agreement terminations ought to be made.

The sad fact is that the DNS has been overtaken by a Mafia-like amalgamation of interests that, in concert, are seeking to profiteer by taking and selling what isn't theirs and by plundering Internet registries that were created by the U.S. government and which are supposed to be operated in the public interest. They care nothing about the damage to the DNS and loss of legitimacy caused by their outrageous behavior and they have no respect for anybody or anything except for the same Mammon god of all mafiosi — cold, hard, cash.

Written by Greg Thomas, Founder of DNSDecrypt


Viewing all articles
Browse latest Browse all 531

Trending Articles