“Halt perverted .sucks shakedown now!” demands IPC

Intellectual property interests have asked ICANN to put an immediate stop to the roll-out of the .sucks new gTLD.
A letter to Global Domains Division president Akram Atallah, sent by the Intellectual Property Constituency this evening and seen by DI, calls the registry’s plans, which include an “exorbitant” $2,500 sunrise fee, a “shakedown scheme”.
It’s also emerged that Vox Populi, the .sucks registry, has agreed to pay ICANN up to a million dollars in mysterious fees that apply to no other new gTLD registry.
The IPC letter states.

the Intellectual Property Constituency is formally asking ICANN to halt the rollout of the .SUCKS new gTLD operated by Vox Populi Registry Inc. (“Vox Populi”), so that the community can examine the validity of Vox Populi’s recently announced plans to: (1) to categorize TMCH-registered marks as “premium names,” (2) charge exorbitant sums to brand owners who seek to secure a registration in .SUCKS, and (3) conspire with an (alleged) third party to “subsidize” a complaint site should brand owners fail to cooperate in Vox Populi’s shakedown scheme.

Vox Populi intends to take .sucks to sunrise on Monday, so the IPC wants ICANN to take immediate action.
The high price of registration, the IPC believes, will discourage trademark owners from using the sunrise period to defensively register their marks.
Meanwhile, the registry’s plan to make the domains available for $10 under a “Consumer Advocate Subsidy”, will encourage cybersquatting, the IPC says.

by discouraging trademark owners from using a key RPM, we believe that the registry operator’s actions in establishing this predatory scheme are complicit in, and encourage bad faith registrations by third parties at the second level of the .SUCKS gTLD, and thus drastically increase the likelihood of trademark infringement, all for commercial gain

The letter goes on to say that Vox Populi may be in violation of its registry contract and the Post-Delegation Dispute Resolution Policy, which was created to prevent registries turning a blind eye to mass cybersquatting.
There’s also a vague threat of legal action for contributory trademark infringement.
The IPC has particular beef with the registry’s Sunrise Premium program. This is a list of strings — mostly trademarks — that have been defensively registered in earlier sunrise periods.
Sunrise Premium names will always cost $2,500, even after sunrise, when registered by the trademark owner.
The IPC says:

Vox Populi is targeting and punishing brand owners who have availed themselves of the RPMs or shown that they are susceptible to purchasing defensive registrations… This will have a chilling effect on TMCH registrations and consequently discredit all of the New gTLD Program RPMs in the eyes of brand owners, whose buy-in and adoption of new gTLDs is widely acknowledged to be critical to the success of the new gTLD program.

Finally, and perhaps more disturbingly, the IPC has discovered that the .sucks registry agreement calls for Vox Populi to pay ICANN up to a million dollars in extra fees.
As well as the usual $25,000-a-year fee and $0.25 per-transaction fee, .sucks has already paid ICANN a $100,000 “registry access fee” and has promised to pay a $1 “registry administration fee” per transaction on its first 900,000 domains.
Its contract states:

Registry Operator shall also pay ICANN (i) a one-time fixed registry access fee of US$100,000 as of the Effective Date of this Agreement, and (ii) a registry administration fee of US$1.00 for each of the first 900,000 Transactions. For the avoidance of doubt, the registry administration fee shall not be subject to the limitations of the Transaction Threshold.

This makes ICANN look absolutely terrible.
What the hell is a “registry access fee”? What’s a “registry administration fee”?
One guess would be that it’s ICANN stocking up its legal defense fund, suspecting the kerfuffle .sucks is going to cause.
But by taking the Vox Pop shilling, ICANN has opened itself up to accusations that it’s complicit in the “shakedown”.
If it does not block .sucks (which was probably the most likely outcome even without mysterious fees) the IPC and other .sucks critics will be able to point to the $1 million as a “bribe”.
The behavior is not without precedent, however.
There’s a reason ICM Registry pays ICANN a $2 fee for every .xxx registration, rather than the much lower fees charged to other gTLD registries.
Read the IPC letter here.

Why is .sucks based in Frank Schilling’s office?

The upcoming new gTLD .sucks is being run from the offices of Frank Schilling’s Uniregistry and it has a close business relationship with the registry, DI has discovered.
Vox Populi Registry, which runs .sucks and which I and many others have been assuming is completely controlled by Canadian registrar group Momentous, in fact seems to be tightly aligned with Uniregistry.
Schilling characterized it both as a “working relationship” and a “joint venture” today.
I heard through the rumor mill last year that Uniregistry may have a stake in Vox Pop.
But it wasn’t until I checked the IANA database record for .sucks today that the rumor seemed to be to an extent confirmed.
The address for Vox Populi, a Canadian company according to its ICANN contract, is listed as Uniregistry’s office in Grand Cayman in both Registry Sponsor and Administrative Contact records.
Momentous CEO Rob Hall is named as Technical Contact at a Barbados address.
“We have a joint venture agreement and are presently handling postage and handling for Vox Populi,” Schilling told DI today. “We are providing office space services to them as well.”
He characterized the deal as a “working relationship”.
I would not be at all surprised if it’s much closer than that.

Could you survive a .sucks UDRP?

If you register a .sucks domain matching a brand, could you survive a subsequent UDRP complaint? Opinion is mixed.
In my view, how UDRP treats .sucks registrants will be a crucial test of Vox Populi Registry’s business model.
Vox Populi Registry clearly envisages — and is actively encouraging with its policies — genuine critics, commentators and consumer advocates to register .sucks domains that match famous trademarks.
I really like this idea. Power to the people and all that.
But will UDRP panelists agree with me and Vox Pop? Cybersquatting case law under UDRP says, very firmly: “It depends.”
Statistics generally favor mark owners
To date, there have been exactly 100 resolved UDRP complaints against domains that end in “sucks.com”.
Of those, 47 cases ended up with a full transfer of the domain to the trademark owner. Only 30 resulted in a the complaint being denied.
Another 19 cases were withdrawn or terminated; the remainder were split decisions.
So it seems, based on historical “sucks” cases, that the odds favor trademark owners.
But each case is, theoretically at least, judged on its merits. So it does not necessarily hold that most .sucks UDRP complaints will be successful.
What does WIPO say?
The World Intellectual Property Association, which administers most UDRP cases, published a set of guidelines for its panelists.
Some guidelines specifically addresses “sucks” sites, but the advice is not always clear-cut.
There are three elements to UDRP. First, the complainant must show that the domain name in question is identical or confusingly similar to its trademark.
According to WIPO, it’s the “consensus view” of UDRP panelists that adding “sucks” to a trademark at the second level does NOT stop a domain being confusiningly similar. WIPO says:

Generally, a domain name consisting of a trademark and a negative or pejorative term (such as [trademark]sucks.com) would be considered confusingly similar to the complainant’s trademark for the purpose of satisfying the standing requirement under the first element of the UDRP (with the merits of such cases typically falling to be decided under subsequent elements). Panels have recognized that inclusion of a subsidiary word to the dominant feature of a mark at issue typically does not serve to obviate confusion for purposes of the UDRP’s first element threshold requirement, and/or that there may be a particular risk of confusion among Internet users whose first language is not the language of the domain name

Some panels have disagreed with this prevailing view, however.
It remains to be seen whether moving the string “sucks” to the right of the dot would affect the outcome, but it’s established UDRP case law that the dot in a domain can be pretty much ignored when testing for similarity.
The TLD a domain uses can be taken into account if it’s relevant or disregarded if it is not, according to precedent.
The second test under UDRP is whether the registrant of the domain has legitimate rights or interests.
Panelists disagree on this point. WIPO says:

The right to criticize does not necessarily extend to registering and using a domain name that is identical or confusingly similar to the complainant’s trademark. That is especially the case if the respondent is using the trademark alone as the domain name (i.e., [trademark.tld]) as that may be understood by Internet users as impersonating the trademark owner.

That view would seem to apply specifically to the use cases Vox Pop has in mind — the registry wants critics to own [trademark].sucks domains in order to criticize the trademark owner.
In the 2003 case of natwestbanksucks.com, the WIPO panel drew on earlier precedent to find that the registrant had no rights to the domain.

Respondents’ can very well achieve their objective of criticism by adopting a domain name that is not identical or substantially similar to Complainants’ marks. Given the free nature of the media which is the Internet and the chaotic spamming that has become epidemic, it does not appear that one can be at full liberty to use someone else’s trade name or trademark by simply claiming the right to exercise a right to freedom of expression”.

In other words: you may have a right to free speech on the internet, but you do not have the right to exercise it simply by adding “sucks” to a famous trademark.
But other UDRP panelists have disagreed. WIPO says that some panelists have found:

Irrespective of whether the domain name as such connotes criticism, the respondent has a legitimate interest in using the trademark as part of the domain name of a criticism site if such use is fair and noncommercial.

The third element of UDRP is bad faith. Complainants have to show that the registrant is up to something dodgy.
Some panelists have a pretty low threshold for what constitutes bad faith. Merely having the page parked — even if you did not park it yourself — can point to bad faith, especially in “sucks” cases.
WIPO says that “tarnishment” of a trademark — such as posting porn, which is banned under Vox Pop’s AUP anyway — can be bad faith, but legitimate criticism would not usually:

While it would not normally extend to the mere posting of information about a complainant, or to the posting of genuine, non-commercial criticism regarding the trademark holder, it may extend to commercially motivated criticism by (or likely on behalf of) a competitor of such trademark holder.

So, with all that in mind, here are some tips for improving your odds of surviving a .sucks UDRP.
How to beat a .sucks UDRP
Poring over dozens of “sucks.com” decisions, it quickly becomes clear that there are certain things you should definitely do and not do if you want to keep a hold of your brand-match .sucks domain.
Given the volume of precedent, you’ll have a hard time showing that your domain is not identical or confusingly similar to the trademark in question — strike one — but there are ways to show legitimate interests and rebut claims of bad faith.
1. Respond
To show you lack legitimate interests, the complainant only needs to make a face-value argument that you do not. Then the burden of proof to show rights switches to you.
If you don’t respond to the UDRP, the panel will find you lack rights. Panelists rarely try to fight the corner of a registrant who has not responded.
That’s strike two.
2. Don’t allow your domain to be parked
If a domain is parked, UDRP panelists in “sucks.com” cases invariably find that the registrant lacks legitimate interests and has shown bad faith.
Parking is considered a commercial activity, so you won’t be able to argue convincingly that you’re exercising your right to non-commercial free speech if your domain is splashed with links to the trademark owner’s competitors.
This holds true even if the domain was automatically parked by your registrar.
Dozens (hundreds?) of UDRP cases have been lost because Go Daddy parked the newly registered domain automatically, enabling the complainant to show commercial use.
Panelists are usually happy to overlook the lack of direct bad faith action by the registrant in such cases.
Parking will usually lead to strikes two and three.
In the case of .sucks, parking is actually banned by Vox Populi’s acceptable use policies (pdf).
But the registry will only enforce this policy if it receives a complaint. I don’t know if the Registry-Registrar Agreement, which isn’t public, prohibits registrars auto-parking new domains.
3. Develop a site as soon as possible
In some “sucks.com” cases, respondents have argued that they had intended to put up a criticism site, but could not provide evidence to back up the claims.
If you register a .sucks matching a trademark, you’ll want to put up some kind of site ASAP.
In the case of kohlersucks.com, the registrant had merely framed a Better Business Bureau web page, which was found to show non-commercial criticism use.
4. Don’t offer to sell the domain
It should go without saying that offering to sell the domain to the trademark owner shows bad faith; it looks like extortion.
Panelists regularly also find that registrants give up their legitimate rights to a domain as soon as they make it available to buy.
5. Don’t make any money whatsoever
The second you start making money from a domain that matches a trademark, you’re venturing into the territory of commercial use and are much more likely to fail the WIPO test of “genuine, non-commercial criticism”.
6. Be American
Depressingly, you stand a better chance of fighting off a UDRP on free speech grounds if both the case involves US-based parties and a US-based panelist.
Panelists are more likely to draw on the US Constitution’s First Amendment and associated non-UDRP case law when determining rights or legitimate interests, when the registrant is American.
Merely registering with a US-based registrar is not enough to confer First Amendment rights to a registrant living outside of the US, according to UDRP panels.
Even though freedom of speech is a right in most of the world, in the universe of UDRP it seems the rest of us are second-class citizens compared to the yanks.

Watch this jaw-dropping .sucks promo vid

Is .sucks just a domain name registry? A way to extort money from trademark owners?
No, it’s the about “life, liberty and the pursuit of happiness”, the kind of thing civil rights movement leaders including Martin Luther King and Jesse Jackson could get behind.
At least, that’s the message in the jaw-dropping debut promo video for the new gTLD .sucks, which hits sunrise at the end of the month.
You may not instinctively associate registering a domain name with, say, Rosa Parks refusing to comply with Alabama’s racist segregation laws in the 1950s, but that’s what Vox Populi Registry is inviting you to do.

The video opens with stock news footage of MLK and various civil rights marches, accompanied by what seems to be audio from one of King’s speeches.
The video goes on to intermingle archive footage with nauseating B-roll padding, until we discover that none other than former US presidential candidate Ralph Nader loves .sucks.
He’s provided what seems to be an official endorsement, saying in part:

Most of the great changes in our planet’s history come from less than 1% of the people. For many changes in our country and the world, it’s a lot easier than we think. The word “sucks” is now a protest word, and it’s up to people to give it more meaning.

Nader is not as random a celebrity endorser as you might imagine. Fifteen years ago he wrote to ICANN to specifically endorse the creation of .sucks.
What do you think of the video? Clever? Inspiring? Funny? Tasteless? Offensive? Or just baffling?

Here’s why trademark owners will think .sucks sucks

Vox Populi Registry is to launch its .sucks gTLD at the end of the month, and its plans are likely to piss off trademark owners no end.
As previously reported, the company has backpedaled on its idea of pricing its sunrise period names at $25,000 per name per year, but it’s introducing some new concepts that seem almost designed to get hackles up in the IP community.
From March 30 to May 29, any company with a trademark registered in the Trademark Clearinghouse will be able to buy their matching .sucks domains at sunrise for $2,499. That’s also the annual renewal fee.
It’s a tenth of the price previously touted, but still pretty steep even by sunrise standards.
Vox Pop isn’t doing anything particularly unusual with its sunrise, which is governed by policies closely regulated by ICANN.
But its big new idea is its “Sunrise Premium” list, a list of strings dominated by famous trademarks.
Vox Pop CEO John Berard told DI yesterday that the Sunrise Premium list has been compiled from strings registered or blocked in other TLDs’ sunrise periods.
While he declined to characterize it as a list of trademarks, he acknowledged that it will be trademark-heavy.
If your mark is on this list, you will never be able to get a .sucks domain at the regular general availability retail price of $249 a year. It will always be $2,499 a year.
Despite the name, Sunrise Premium names are only available during general availability, which begins June 1.
On the one hand, this mandatory premium pricing for the world’s most well-defended marks appears to have benefits for some trademark owners.
While Sunrise Premium names are not restricted to owners of matching marks, the $2,499 fee applies whether you’re the mark owner, a legitimate third-party registrant, or a cybersquatter.
So the high price looks like a deterrent to cybersquatting, suggesting that Vox Pop is fighting from the IP corner.
But then we discover that Sunrise Premium names will never be eligible for the .sucks “Block” service — similar to .xxx’s Sunrise B, a Block is a non-resolving registry reservation — which is expected to retail at a discounted $199 per year.
Berard said that the registry wants to encourage use.
“If you are on the Sunrise Premium list or want a premium name, those can’t be blocked,” Berard said. “It’s all part and parcel of us trying to put more power in the hands of individuals and to cultivate a commitment on behalf of the commercial world to participate in the dialogue.”
But the fact remains: if you have a track record of defensively registering your trademark, Vox Pop is essentially penalizing you with higher fees.
Feel those hackles rising yet?
Vox Pop’s stated goals are to give companies a way to manage customer feedback and individuals a way to exercise their rights to criticize.
“A company would be smart to register its name because of the value that consumer criticism has in improving customer loyalty, delivering good customer service, understanding new product and service possibilities,” Berard said.
“They’re spending a lot more on marketing and customer service and research. This domain can another plank in that platform,” he said. “On the other hand, we also want to make sure that these names are also accessible to individuals who have something to say.”
Companies on the Sunrise Premium list have an additional thing to worry about: the .sucks Consumer Advocate Subsidy, which will bring the price of a .sucks domain down to $9.95 per year.
The subsidy will only be available to registrants unaffiliated with the trademark-owning company, and they’ll have to direct their domains to a discussion forum platform called Everything.sucks.
Berard said Everything.sucks will be operated by a third party, but could not yet disclose the details.
The subsidy program will be available on regular and Sunrise Premium names, but not Sunrise names. It is not expected to launch until September.
It’s not yet clear how flexible and configurable the service will be.
It seems likely that if somebody wants to write a blog, say, criticizing a certain company, product, service or public figure, they will incur the usual $249 annual reg fee.
It’s not exactly “free” speech.
On the whole, the finalized policies and fees may look like they’re specifically designed to irk the IP lobby, but they do seem to be aligned with Vox Pop’s mission statement.
If you’re of the view that trademark owners should have the sole right to use the string matching their mark as a domain name, you’re likely to be unhappy with what Vox Pop is doing.
If, on the other hand, you’re an advocate of the right of every free person to stick it to The Man, you may view the policies more favorably.
Either way, it could be a money-spinner for Vox Pop.
I’m expecting .sucks to be only the third new gTLD to top 1,000 sunrise registrations (assuming .porn and .adult will be the first).
Assuming the registry’s slice of the $2,499 fee is over $2,000, the company is looking to clear in excess of $2 million in annually recurring sunrise revenue alone.

Battles for .chat, .style, .tennis, bingo and .sas over

Seven new gTLD contention sets have been formally resolved with application withdrawals this morning, five of which we haven’t previously reported on.
Most appear to have been settled by private auctions, with Donuts often the victor.
The standout, however, is .sas, an unusual case of a contention set of two would-be dot-brand registries being resolved.
The business software maker SAS Institute, which applied as Research IP, has prevailed over the Scandinavian airline holding company SAS AB for the .sas gTLD.
Both applicants had applied for closed, single-registrant namespaces.
On the regular, open gTLD front, .chat has gone to Donuts after withdrawals from Top Level Spectrum, Radix and Famous Four Media.
.style has also gone to Donuts, after Uniregistry, Top Level Design, Evolving Style Registry and Minds + Machines withdrew their applications.
.tennis is another Donuts win. Applications from Famous Four, Washington Team Tennis and Tennis Australia have been withdrawn, after a failed Community bid from Tennis Australia.
Donuts, finally, beat Famous Four to .bingo.
Afilias and Top Level Spectrum have officially withdrawn their .wine applications. As we reported earlier this week, this leaves Donuts as the sole remaining applicant.
Top Level Spectrum’s bid for .sucks has also been withdrawn, confirming DI’s report from earlier this week that the controversial gTLD has been won by Vox Populi Registry.
But Donuts failed to win .online, withdrawing its application today. Only two applicants — Radix and I-Registry — remain in this once six-way contention set.
We’ll know the winner (my money’s on Radix) in a matter of days, I expect.

.sucks domains “will not be $25k”

Vox Populi Registry, which won the auction for the .sucks new gTLD last week, says its Sunrise prices will not be $25,000 a year after all.
The company has further denied that its general availability prices will be $300 a year.
As DI reported earlier today, the Momentous affiliate beat off competition from Donuts and Top Level Spectrum to win the .sucks contention set.
We reported it was likely to be controversial due to the high prices Vox Populi had previously revealed.
But CEO John Berard, while neither confirming or denying that Vox Populi won the auction, told DI tonight that the company has had a rethink of its pricing strategy.
“We are considering something much more in line with current pricing practices,” he said.
While Berard would not discuss numbers, current pricing practices among new gTLDs tend to be in the $10 to $150 range for GA names and a few hundred for Sunrise registrations.
That’s a far cry from the $25,000 a year Sunrise fee the registry hopeful aired last December.
Berard added that .sucks under Vox Populi would have additional rights protection mechanisms beyond the mandatory set all new gTLDs must carry, but he could not yet provide specifics.
My criticisms of the company’s .sucks have been concerned entirely with its pricing, which I thought would bring the industry into disrepute. If its proposed fees have been lowered, that can only be a good thing.

Momentous pays over $3 million for .sucks

Momentous Corp, whose .sucks application has been branded “predatory”, has won the three-way contention set for the new gTLD, according to sources with knowledge of the auction.
The company paid over $3 million for the string, one source said.
Momentous affiliate Vox Populi Registry beat Donuts and Top Level Spectrum, the other applicants, at a private auction I gather was managed by Applicant Auction.
It’s likely to be a controversial win.
Vox Populi has said it plans to charge $25,000 per year for a single Sunrise registration, leading some (myself included) to believe its business model is to exploit the fears of brand owners.
(UPDATE: The company has changed its mind about pricing. It says it won’t charge $25,000 after all.)
In March, US Senator Jay Rockefeller branded the plan nothing more than a “predatory shakedown scheme” with “no socially redeeming value”.
But the company’s CEO, John Berard, told DI last year that .sucks will be an “innovative part of customer service, retention and loyalty”.
Vox Populi is positioning .sucks as a customer feedback tool that companies can budget alongside other pricey items such as retaining a PR agency, for example.
The registry plans to have strict rules against cyber-bullying. The proposed $300-a-year general availability price tag is likely to keep it out of the hands of most schoolyard bullies.
There will also be a “zero tolerance” policy toward parked domains and pornography, according to its web site.
That’s unlikely to calm the concerns of trademark owners, however.
.sucks is a gTLD that many advisers have been characterizing as a “must-have” for companies worried about their online image, rather like .xxx was a few years ago.
Vox Populi started accepting Sunrise pre-registrations for $2,500 on its web site last December, but that offer does not appear to be still available.

CentralNic invests $1.5m in mystery gTLD applicant

Registry back-end provider CentralNic has stumped up $1.5 million to back a new gTLD applicant in a forthcoming private auction.
CentralNic CEO Ben Crawford declined to identify the beneficiary.
The company has also not disclosed what stake in the target company it will obtain if it wins the auction.
Here’s the entirety of the statement the company released to the market this afternoon:

CentralNic plc (AIM:CNIC), the internet platform business which derives revenues from the global sale of domain names, today announces that the Group intends to invest US$1.5 million in a Company which is in a contention set to acquire a new generic Top-Level Domain (“gTLD”). The funds will be placed into an escrow account, pending the resolution of the contention set, with the winning applicant expected to be resolved by a private auction within the next two weeks. The investment is contingent upon the Applicant Company successfully obtaining the rights to the gTLD by winning the auction. If the company is unsuccessful, the funds will be returned in full to CentralNic by the escrow agent.

Assuming CentralNic is investing in an existing registry services client, possible beneficiaries include Top Level Design, Fegistry, Merchant Law Group and XYZ.com.
These clients have more than 20 applications in contention right now, but not all of them could plausibly head to private auction soon.
Some have been blocked, some are in contention sets with applicants that do not participate in private auctions, and some strings have been applied for by more than one CentralNic client.
With those criteria in mind, one could possibly narrow down the target string to: .auto, .cafe, .chat, .design, .forum, .gay, .golf, .law, .news, .now, .realty, .school, .style or .sucks.

Who runs the internet? An ICANN 49 primer

The ICANN 49 public meeting is kicking off here in Singapore right now, and control of the domain name system is going to be the hottest of hot topics for the next four days.
Two Fridays ago the US government announced its plan to remove itself from oversight of key internet functions currently managed by ICANN, causing a firestorm of controversy in the US.
A lot of the media commentary has been poorly informed, politically motivated and misleading.
According to this commentary, the move means that regimes more repressive that the United States government are going to take over the internet, killing off free speech.
Here I present a backgrounder on the issue, a primer for those who may not be familiar with the history and the issues. ICANN addicts may find the latter half of the piece interesting too, but first…
Let’s go back to basics
The issue here is control over the DNS root zone file. Basically, the root zone file is a 454K text file that lists all the top-level domains that are live on the internet today.
Each TLD is listed alongside the DNS name servers that it is delegated to and control it. So .com has some name servers, .uk has some name servers, .info has some name servers, etc.
If an internet user in San Francisco or London or Ulan Bator tries to visit google.com, her ISP finds that web site by asking the .com zone file for its IP address. It finds the location of the .com zone file (managed by Verisign) in turn by asking the root zone file.
The root zone files are served up by 13 logical root zone servers named A through M, managed by 12 different entities. Verisign runs two. ICANN runs one. Most are US-based entities.
Every root server operator agrees that Verisign’s root is authoritative. They all take their copies of the root zone file from this server. This keeps the data clean and consistent around the world.
So Verisign, in terms of actually sitting at a keyboard and physically adding, deleting or amending entries in the root zone file, has all of the power over the internet’s DNS.
Verisign could in theory assign .uk or .xxx or .com to name servers belonging to Canada or the Vatican or McDonalds or me.
But in practice, Verisign only makes changes to the root zone when authorized to do so by the US National Telecommunications and Information Administration, part of the Department of Commerce.
That’s because Verisign’s power to amend the root zone comes from its Cooperative Agreement with NTIA.
Amendment 11 (pdf) of this agreement dates from 1999, a time before Verisign acquired Network Solutions (NSI) and before ICANN had a name and was known as “NewCo”. It states:

NSI agrees to continue to function as the administrator for the primary root server for the root server system and as a root zone administrator until such time as the USG instructs NSI in writing to transfer either or both of these functions to NewCo or a specified alternate entity.
While NSI continues to operate the primary root server, it shall request written direction from an authorized USG official before making or rejecting any modifications, additions or deletions to the root zone file. Such direction will be provided within ten (10) working days and it may instruct NSI to process any such changes directed by NewCo when submitted to NST in conformity with written procedures established by NewCo and recognized by the USG.

So the power to amend the root zone — and therefore decide which TLDs get to exist and who gets to run them — actually lies in NTIA’s hands, the hands of the US government.
NTIA says its role is “largely symbolic” in this regard.
That’s because the power to decide what changes should be made to the root zone has been delegated to ICANN via the “IANA functions” contract.

What you’re looking at here is a diagram, from the latest IANA contract, showing that whatever changes ICANN proposes to make to the root (such as adding a new gTLD) must be authorized by NTIA before somebody at Verisign sits at a keyboard and physically makes the change.
In the diagram, “IANA Functions Operator” is ICANN, “Administrator” is NTIA, and “Root Zone Maintainer” is Verisign.
What NTIA now proposes is to remove itself from this workflow. No longer would ICANN have to seek a US government rubber stamp in order to add a new TLD or change ownership of an existing TLD.
It’s possible that Verisign will also be removed from the diagram. ICANN runs a root server already, which could replace Verisign’s A-root as the authoritative one of the 13.
NTIA says that the Cooperative Agreement and the IANA contract are “inextricably intertwined” and that it will “coordinate a related and parallel transition in these responsibilities.”
If this all sounds dry and technical so far, that’s because it is.
So why is it so important?
An entry in the DNS root zone has economic value. The fact that the record for .com points to Verisign’s name servers and not yours means that Verisign is worth $7 billion and you’re not.
Whoever has power over the root therefore has the ability to dictate terms to the entities that want their TLD listed.
ICANN’s contract with Verisign makes Verisign pay ICANN $0.25 for every .com name sold, for example.
The contract also forces Verisign to only sell its names via registrars that have been accredited by ICANN.
This gives ICANN, by indirect virtue of its control of the root, power over registrars too.
The Registrar Accreditation Agreement contains terms that require registrars to publish, openly, the names and addresses of all of their customers, for example.
Suddenly, control of the root is not only about lines in a database, it’s about consumer privacy too.
The same goes for other important issues, such as free speech.
Should people have the right to say that a company or a politician “sucks”? Most of us would agree that they should.
However, if they want to register a .sucks domain name in future they’re going to have to abide by rules, developed by ICANN and its community, that protect trademark owners from cybersquatting.
Over the course of many years, ICANN has decided that trademark owners should always have the right to preemptively register any domain name that matches their brands. This will apply to .sucks too.
If I, militant vegetarian that I am, wanted to register mcdonalds.sucks after .sucks becomes available, there’s a significant probability that I’m not going to get the opportunity to do so.
Of course, there’s nothing stopping you and I publishing our opinion of a worthless politician or corrupt company in other ways using other domain names, but it remains true that ICANN has essentially prioritized, for very good reasons, the rights of trademark owners over the rights of other internet users.
Theoretically, at some point in the future, ICANN could amend the Registrar Accreditation Agreement to require registrars to, for example, always deactivate a domain name when they receive a cease and desist letter, no matter how unfounded or spurious, from a trademark lawyer.
Suddenly, the web belongs to the IP attorneys, free speech is damaged, and it’s all because ICANN controls the DNS root.
I’m not saying that’s going to happen, I’m just using this as an example of how ruling the root has implications beyond adding records to a database.
What does US oversight have to do with this?
The question is, does the US removing itself from the root zone equation have any impact on what ICANN does in future? Has the US in fact been a good custodian of the root?
Commentators, many of them Republicans apparently seizing on the NTIA’s move as the latest opportunity to bash President Obama’s administration, would have you believe that the answer is yes.
I’m not so sure.
The US in fact has a track record of using its power in ways that would reduce free speech on the internet.
Back in 2005, there was a controversy about ICANN’s decision to add .xxx — a top-level domain for pornography — to the root zone. Whatever you think about porn, this is undeniably a free speech issue.
The US government, under the Bush administration, was initially ambivalent about the issue. Then a bunch of right-wing religious groups started lobbying the NTIA en masse, demanding .xxx be rejected.
The NTIA suddenly switched its position, and actually considered (ab)using its power over the root zone to block .xxx’s approval and therefore appease the Republican base.
This all came out due to .xxx operator ICM Registry’s Freedom of Information Act requests, which were detailed in the the declaration (pdf) of an Independent Review Panel — three neutral, respected judges — that oversaw ICM’s appeal against ICANN:

Copies of messages obtained by ICM under the Freedom of Information Act show that while officials of the Department of Commerce concerned with Internet questions earlier did not oppose and indeed apparently favored ICANN’s approval of the application of ICM, the Department of Commerce was galvanized into opposition by the generated torrent of negative demands, and by representations by leading figures of the so-called “religious right”, such as Jim Dobson, who had influential access to high level officials of the U.S. Administration. There was even indication in the Department of Commerce that, if ICANN were to approve a top level domain for adult material, it would not be entered into the root if the United States Government did not approve

US lobbying via ICANN’s Governmental Advisory Committee and other channels had the effect that ICANN rejected ICM’s .xxx application. It’s only because ICM was prepared to spend years and millions of dollars appealing the decision that .xxx was finally added to the root.
When you read an article claiming that the US government relinquishing its root oversight role will have a negative effect on free speech, ask yourself what the record actually shows.
The .xxx case is the only example I’m aware of the US leveraging or preparing to leverage its oversight role in any way. On free speech, USG is 0 for 1.
The US is also a powerful member of the Governmental Advisory Committee, the collection of dozens of national governments that have a strong voice in ICANN policy-making.
Under the rules of the new gTLD program, the GAC has right to veto any new gTLD — prevent it being added to the DNS root zone — if all the governments on the GAC unanimously agree to the veto.
Currently, there’s a controversy about the proposed gTLD .amazon, which has been applied for by the online retail behemoth Amazon.
Latin American countries that count the Amazonia region and Amazon river as part of their territories don’t want it approved; they believe they have the better rights to the .amazon string.
Despite this outrage, the GAC initially could not find unanimous consensus to veto .amazon. It transpired that the US, no doubt protecting the interests of a massive US-based corporation, was the hold-out.
Last July, NTIA decided to drop its opposition to the veto, leading to a GAC consensus that .amazon should be rejected.
In its position paper (pdf) announcing the .amazon veto block reversal, NTIA said the US “affirms our support for the free flow of information and freedom of expression”.
By its own definitions, the US made a decision that harmed free expression (not to mention Amazon’s business interests). It seems to have done so, again, in the name of political expediency.
I’m not saying that the US decision was right or wrong, merely that the record again shows that it’s not the great protector of free speech that many commentators are making it out to be.
What should replace the US?
The question for the ICANN community this week in Singapore and over the coming months is what, if anything, should replace the US in terms of root zone oversight.
The NTIA has been adamant that a “multi-stakeholder” solution is the way to go and that it “will not accept a proposal that replaces NTIA’s role with a government-led or an inter-governmental solution.”
The weirdness in this statement, and with the whole transition process in general, is ICANN is already a multi-stakeholder system.
In light of the US’ longstanding “hands off” approach (with the aforementioned exception of .xxx), does ICANN even need any additional oversight?
Today, legislative power in ICANN resides with its board of directors. The ICANN staff wield executive control.
In theory and under ICANN’s extensive governance rules, the board is only supposed to approve the consensus decisions of the community and the staff are only supposed to execute the wishes of the board.
In practice, both board and staff are often criticized for stepping beyond these bounds, making decisions that do not appear to have originated in the community policy-making process.
The ruling on vertical integration between registries and registrars, where the community could not even approach consensus, appears to have originated with ICANN’s legal department, for example.
There has also been substantial concern about the extent of the power handed to hand-picked advisory panels created by CEO Fadi Chehade recently.
In that light, perhaps what ICANN needs is not oversight from some third party but rather stronger community accountability mechanisms that prevent capture and abuse.
That’s certainly my view today. But I don’t have any particularly strong feelings on these issues, and I’m open to have my mind changed during this week’s discussions in Singapore.